Iri Xe 3s Book
Release 3S
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of
the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1721R)
© 2020 Cisco Systems, Inc. All rights reserved.
CONTENTS
Reuse Threshold
Maximum Suppress Time
Affected Components
Route Types
Supported Protocols
Network Deployments
Benefits of IP Event Dampening
How to Configure IP Event Dampening
Enabling IP Event Dampening
Verifying IP Event Dampening
Configuration Examples for IP Event Dampening
Configuring IP Event Dampening Example
Verifying IP Event Dampening Example
Additional References
Feature Information for IP Event Dampening
Glossary
Example: Configuring PBR Next-Hop Verify Availability for Inherited IPv6 VRF
Example: Configuring PBR Next-Hop Verify Availability for Inter VRF
Additional References for PBR Next-Hop Verify Availability for VRF
Feature Information for PBR Next-Hop Verify Availability for VRF
Configuring QoS Policy Propagation via BGP Based on an Access List
Monitoring QoS Policy Propagation via BGP
Configuration Examples for QoS Policy Propagation via BGP
Example: Configuring QoS Policy Propagation via BGP
Additional References
Feature Information for QoS Policy Propagation via BGP
Note Consider your decision to use VLSMs carefully. You can easily make mistakes in address assignments and
you will generally find that the network is more difficult to monitor using VLSMs.
The best way to implement VLSMs is to keep your existing addressing plan in place and gradually migrate
some networks to VLSMs to recover address space.
Static Routes
Static routes are user-defined routes that cause packets moving between a source and a destination to take a
specified path. Static routes can be important if the device cannot build a route to a particular destination.
They are also useful for specifying a gateway of last resort to which all unroutable packets will be sent.
To configure a static route, use the ip route prefix mask {ip-address | interface-type interface-number
[ip-address]} [distance] [name] [permanent | track number] [tag tag] global configuration command.
Static routes remain in the device configuration until you remove them (using the no ip route global
configuration command). However, you can override static routes with dynamic routing information through
prudent assignment of administrative distance values. An administrative distance is a rating of the
trustworthiness of a routing information source, such as an individual router or a group of routers. Numerically,
an administrative distance is an integer from 0 to 255. In general, the higher the value, the lower the trust
rating. An administrative distance of 255 means the routing information source cannot be trusted at all and
should be ignored.
Each dynamic routing protocol has a default administrative distance, as listed in the table below. If you want
a static route to be overridden by information from a dynamic routing protocol, simply ensure that the
administrative distance of the static route is higher than that of the dynamic protocol.
Route Source           Default Distance
Connected interface    0
Static route           1
Internal EIGRP         90
Unknown                255
Static routes that point to an interface are advertised via RIP, EIGRP, and other dynamic routing protocols,
regardless of whether redistribute static router configuration commands are specified for those routing
protocols. These static routes are advertised because static routes that point to an interface are considered in
the routing table to be connected and hence lose their static nature. However, if you define a static route to
an interface that is not one of the networks defined in a network command, no dynamic routing protocols
will advertise the route unless a redistribute static command is specified for these protocols.
When an interface goes down, all static routes through that interface are removed from the IP routing table.
Also, when the software can no longer find a valid next hop for the address specified as the address of the
forwarding device in a static route, the static route is removed from the IP routing table.
Note A packet with an E-class source address (240.0.0.0/4) gets dropped on Cisco ASR 1000 Series Aggregation
Services Routers, although RFC 1812 (Requirements for IP Version 4 Routers) defines this behavior only for
destination addresses and not specifically for source addresses.
Default Routes
Default routes, also known as gateways of last resort, are used to route packets that are addressed to networks
not explicitly listed in the routing table. A device might not be able to determine routes to all networks. To
provide complete routing capability, network administrators use some devices as smart devices and give the
remaining devices default routes to the smart device. (Smart devices have routing table information for the
entire internetwork.) Default routes can be either passed along dynamically or configured manually into
individual devices.
Most dynamic interior routing protocols include a mechanism for causing a smart device to generate dynamic
default information, which is then passed along to other devices.
You can configure a default route by using the following commands:
• ip default-gateway
• ip default-network
• ip route 0.0.0.0 0.0.0.0
You can use the ip default-gateway global configuration command to define a default gateway when IP
routing is disabled on a device. For instance, if a device is a host, you can use this command to define a default
gateway for the device. You can also use this command to transfer a Cisco software image to a device when
the device is in boot mode. In boot mode, IP routing is not enabled on the device.
Unlike the ip default-gateway command, the ip default-network command can be used when IP routing is
enabled on a device. When you specify a network by using the ip default-network command, the device
considers routes to that network for installation as the gateway of last resort on the device.
Gateways of last resort configured by using the ip default-network command are propagated differently
depending on which routing protocol is propagating the default route. For Interior Gateway Routing Protocol
(IGRP) and Enhanced Interior Gateway Routing Protocol (EIGRP) to propagate the default route, the network
specified by the ip default-network command must be known to IGRP or EIGRP. The network must be an
IGRP- or EIGRP-derived network in the routing table, or the static route used to generate the route to the
network must be redistributed into IGRP or EIGRP or advertised into these protocols by using the network
command. The Routing Information Protocol (RIP) advertises a route to network 0.0.0.0 if a gateway of last
resort is configured by using the ip default-network command. The network specified in the ip
default-network command need not be explicitly advertised under RIP.
Creating a static route to network 0.0.0.0 0.0.0.0 by using the ip route 0.0.0.0 0.0.0.0 command is another
way to set the gateway of last resort on a device. As with the ip default-network command, using the static
route to 0.0.0.0 is not dependent on any routing protocols. However, IP routing must be enabled on the device.
IGRP does not recognize a route to network 0.0.0.0. Therefore, it cannot propagate default routes created by
using the ip route 0.0.0.0 0.0.0.0 command. Use the ip default-network command to have IGRP propagate
a default route.
EIGRP propagates a route to network 0.0.0.0, but the static route must be redistributed into the routing protocol.
Depending on your release of the Cisco software, the default route created by using the ip route 0.0.0.0 0.0.0.0
command is automatically advertised by RIP devices. In some releases, RIP does not advertise the default
route if the route is not learned via RIP. You might have to redistribute the route into RIP by using the
redistribute command.
Default routes created using the ip route 0.0.0.0 0.0.0.0 command are not propagated by Open Shortest Path
First (OSPF) and Intermediate System to Intermediate System (IS-IS). Additionally, these default routes
cannot be redistributed into OSPF or IS-IS by using the redistribute command. Use the default-information
originate command to generate a default route into an OSPF or IS-IS routing domain.
Default Network
Default networks are used to route packets to destinations not established in the routing table. You can use
the ip default-network network-number global configuration command to configure a default network when
IP routing is enabled on the device. When you configure a default network, the device considers routes to that
network for installation as the gateway of last resort on the device.
Note Note that any protocol can redistribute routes from other routing protocols as long as a default metric is
configured.
Caution Removing options that you have configured for the redistribute command requires careful use of the no
redistribute command to ensure that you obtain the result that you are expecting. In most cases, changing or
disabling any keyword will not affect the state of other keywords.
information. Also, when multiple routing processes are running in the same device for IP, the same route
could be advertised by more than one routing process. By specifying administrative distance values, you
enable the device to intelligently discriminate between sources of routing information. The device always
picks the route whose routing protocol has the lowest administrative distance.
There are no general guidelines for assigning administrative distances because each network has its own
requirements. You must determine a reasonable matrix of administrative distances for the network as a whole.
For example, consider a device using the Enhanced Interior Gateway Routing Protocol (EIGRP) and the
Routing Information Protocol (RIP). Suppose you trust the EIGRP-derived routing information more than the
RIP-derived routing information. In this example, because the default EIGRP administrative distance is lower
than the default RIP administrative distance, the device uses the EIGRP-derived information and ignores the
RIP-derived information. However, if you lose the source of the EIGRP-derived information (because of a
power shutdown at the source network, for example), the device uses the RIP-derived information until the
EIGRP-derived information reappears.
Note You can also use administrative distance to rate the routing information from devices that are running the
same routing protocol. This application is generally discouraged if you are unfamiliar with this particular use
of administrative distance because it can result in inconsistent routing information, including forwarding
loops.
Note The weight of a route can no longer be set with the distance command. To set the weight for a route, use a
route map.
Note A route map is not required to have match commands; it can have only set commands. If there are no match
commands, everything matches the route map.
Note There are many more match commands not shown in this table. For additional match commands, see the
Cisco IOS Master Command List.
To optionally specify the routing actions for the system to perform if the match criteria are met (for routes
that are being redistributed by the route map), use one or more set commands in route map configuration
mode, as needed.
Note A route map is not required to have set commands; it can have only match commands.
Note There are more set commands not shown in this table. For additional set commands, see the Cisco IOS Master
Command List.
SUMMARY STEPS
1. enable
2. configure terminal
3. router bgp autonomous-system
4. redistribute protocol process-id
5. default-metric number
6. end
DETAILED STEPS
Step 3 router bgp autonomous-system
Enables a BGP routing process and enters router configuration mode.
Example:
Step 4 redistribute protocol process-id
Redistributes routes from the specified routing domain into another routing domain.
Example:
Device(config-router)# redistribute ospf 2 1
Step 5 default-metric number
Sets the default metric value for redistributed routes.
Note The metric value specified in the redistribute command supersedes the metric value specified using the default-metric command.
Example:
Device(config-router)# default-metric 10
Caution Removing options that you have configured for the redistribute command requires careful use of the no
redistribute command to ensure that you obtain the result that you are expecting.
• EIGRP used the subtractive keyword method prior to EIGRP component version rel5. Starting with
EIGRP component version rel5, the no redistribute command removes the entire redistribute command
when redistributing from any other protocol.
• For the no redistribute connected command, the behavior is subtractive if the redistribute command
is configured under the router bgp or the router ospf command. The behavior is complete removal of
the command if it is configured under the router isis or the router eigrp command.
The following OSPF commands illustrate how various options are removed from the redistribution in router
configuration mode.
Note When routes are redistributed between Open Shortest Path First (OSPF) processes, no OSPF metrics are
preserved.
You cannot specify an interface name in Open Shortest Path First (OSPF). When used for OSPF, this feature
applies only to external routes.
DETAILED STEPS
Device> enable
Step 6 accept-lifetime start-time {infinite | end-time | duration seconds}
Specifies the time period during which the key can be received.
Example:
Device(config-keychain-key)# accept-lifetime 13:30:00 Dec 22 2011 duration 7200
Step 7 send-lifetime start-time {infinite | end-time | duration seconds}
Specifies the time period during which the key can be sent.
Example:
Device(config-keychain-key)# send-lifetime 14:30:00 Dec 22 2011 duration 3600
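The accept and send lifetimes in Steps 6 and 7 can be checked for rollover problems before a key chain is deployed. The following Python audit is an added example, not part of the Cisco guide: key 1 uses the two commands shown above, while keys 2 and 3, the chain name, and the assumption that all peers share the same lifetimes are constructed for illustration.

```python
from datetime import datetime, timedelta

# Time layouts accepted by this sketch: "hh:mm:ss Month day year" (as used on
# this page) and "hh:mm:ss day Month year".
TIME_FORMATS = ("%H:%M:%S %b %d %Y", "%H:%M:%S %d %b %Y")

# Constructed sample. Key 1 repeats the lifetimes from Steps 6 and 7; keys 2
# and 3 are invented so that the audit has something to report.
CONFIG = """\
key chain chain1
 key 1
  accept-lifetime 13:30:00 Dec 22 2011 duration 7200
  send-lifetime 14:30:00 Dec 22 2011 duration 3600
 key 2
  accept-lifetime 15:00:00 Dec 22 2011 duration 7200
  send-lifetime 15:45:00 Dec 22 2011 duration 3600
 key 3
  accept-lifetime 16:30:00 Dec 22 2011 17:30:00 Dec 22 2011
  send-lifetime 16:45:00 Dec 22 2011 infinite
"""


def parse_time(tokens):
    """Parse four tokens such as ['13:30:00', 'Dec', '22', '2011']."""
    text = " ".join(tokens)
    for fmt in TIME_FORMATS:
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            pass
    raise ValueError(f"unrecognised time: {text}")


def parse_lifetime(tokens):
    """Return (start, end); end is None for 'infinite'."""
    start = parse_time(tokens[:4])
    rest = tokens[4:]
    if rest == ["infinite"]:
        return start, None
    if rest[0] == "duration":
        return start, start + timedelta(seconds=int(rest[1]))
    return start, parse_time(rest[:4])


def parse_key_chain(text):
    """Map key id -> {'accept': (start, end), 'send': (start, end)}."""
    keys, current = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "key" and len(tokens) == 2 and tokens[1].isdigit():
            current = keys.setdefault(int(tokens[1]), {})
        elif tokens[0] in ("accept-lifetime", "send-lifetime") and current is not None:
            current[tokens[0].split("-")[0]] = parse_lifetime(tokens[1:])
    return keys


def audit(keys):
    """Report rollover problems. Assumes every key has both lifetimes set."""
    findings = []
    # 1. A key should only be sent while it can also be received.
    for key_id, k in sorted(keys.items()):
        (a_start, a_end), (s_start, s_end) = k["accept"], k["send"]
        ends_inside = a_end is None or (s_end is not None and s_end <= a_end)
        if s_start < a_start or not ends_inside:
            findings.append(("send-outside-accept", key_id))
    # 2. Between consecutive send windows there should be no uncovered time.
    ordered = sorted(keys.items(), key=lambda kv: kv[1]["send"][0])
    prev_id, covered_until = ordered[0][0], ordered[0][1]["send"][1]
    for key_id, k in ordered[1:]:
        if covered_until is None:      # an earlier key is sendable forever
            break
        s_start, s_end = k["send"]
        if s_start > covered_until:
            gap = int((s_start - covered_until).total_seconds())
            findings.append(("send-gap", prev_id, key_id, gap))
        if s_end is None or s_end > covered_until:
            prev_id, covered_until = key_id, s_end
    return findings


if __name__ == "__main__":
    for finding in audit(parse_key_chain(CONFIG)):
        print(finding)
```

With the sample above, key 1 passes both checks, the audit reports a 900-second window between keys 1 and 2 in which no key can be sent, and it flags key 3 because its send lifetime outlasts its accept lifetime.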
node reachability and discover the routing path that packets leaving your device are taking through the network.
This information can be used to determine resource utilization and solve network problems.
Displays supernets.
show ip route supernets-only
updates from devices for which an explicit distance has not been set. The second distance command sets the
administrative distance to 80 for internal EIGRP routes and to 100 for external EIGRP routes. The third
distance command sets the administrative distance to 120 for the device with the address 172.16.1.3.
Note The distance eigrp command must be used to set the administrative distance for EIGRP-derived routes.
The following example assigns the device with the address 192.168.7.18 an administrative distance of 100
and all other devices on subnet 192.168.7.0 an administrative distance of 200:
However, if you reverse the order of these two commands, all devices on subnet 192.168.7.0 are assigned an
administrative distance of 200, including the device at address 192.168.7.18:
Note Assigning administrative distances can be used to solve unique problems. However, administrative distances
should be applied carefully and consistently to avoid the creation of routing loops or other network failures.
In the following example, the distance value for IP routes learned is 90. Preference is given to these IP routes
rather than routes with the default administrative distance value of 110.
Device(config)# !
Device(config)# router eigrp 1
Device(config-router)# network 192.168.0.0
Device(config-router)# network 10.10.10.0
Device(config-router)# redistribute static metric 10000 100 255 1 1500
Device(config-router)# distribute-list 3 out static
In the following example, routes from the 192.168.7.0 network are redistributed into autonomous system 1
(without passing any other routing information from autonomous system 101):
The following example is an alternative way to redistribute routes from the 192.168.7.0 network into
autonomous system 1. Unlike the previous configuration, this method does not allow you to set the metric for
redistributed routes.
In this example, an EIGRP routing process is started. The network router configuration command specifies
that network 172.16.0.0 (the regional network) is to send and receive EIGRP routing information. The
redistribute router configuration command specifies that RIP-derived routing information be advertised in
routing updates. The default-metric router configuration command assigns an EIGRP metric to all RIP-derived
routes. The distribute-list router configuration command instructs the Cisco software to use access list 10
(not defined in this example) to limit the entries in each outgoing update. The access list prevents unauthorized
advertising of university routes to the regional network.
Device(config)# ! All networks that should be advertised from R1 are controlled with ACLs:
Caution BGP should be redistributed into an Interior Gateway Protocol (IGP) when there are no other suitable options.
Redistribution from BGP into any IGP should be applied with proper filtering by using distribute lists, IP
prefix lists, and route map statements to limit the number of prefixes.
The following example illustrates the assignment of four area IDs to four IP address ranges. In the example,
OSPF routing process 1 is initialized, and four OSPF areas are defined: 10.9.50.0, 2, 3, and 0. Areas 10.9.50.0,
2, and 3 mask specific address ranges, whereas area 0 enables OSPF for all other networks.
Each network router configuration command is evaluated sequentially, so the specific order of these commands
in the configuration is important. The Cisco software sequentially evaluates the address/wildcard-mask pair
for each interface. See the IP Routing Protocols Command Reference for more information.
Consider the first network command. Area ID 10.9.50.0 is configured for the interface on which subnet
172.18.20.0 is located. Assume that a match is determined for Gigabit Ethernet interface 0/0/0. Gigabit Ethernet
interface 0/0/0 is attached to Area 10.9.50.0 only.
The second network command is evaluated next. For Area 2, the same process is then applied to all interfaces
(except Gigabit Ethernet interface 0/0/0). Assume that a match is determined for Gigabit Ethernet interface
1/0/0. OSPF is then enabled for that interface, and Gigabit Ethernet 1/0/0 is attached to Area 2.
This process of attaching interfaces to OSPF areas continues for all network commands. Note that the last
network command in this example is a special case. With this command, all available interfaces (not explicitly
attached to another area) are attached to Area 0.
Note Definitions of all areas in an OSPF autonomous system need not be included in the configuration of all devices
in the autonomous system. You must define only the directly connected areas. In the example that follows,
routes in Area 0 are learned by the devices in area 1 (Device A and Device B) when the ABR (Device C)
injects summary link state advertisements (LSAs) into area 1.
Autonomous system 60000 is connected to the outside world via the BGP link to the external peer at IP address
172.16.1.6.
Following is the sample configuration for the general network map shown in the figure above.
Device C Configuration--ABR
Device E Configuration--ASBR
The specific tasks outlined in this configuration are detailed briefly in the following descriptions. The figure
below illustrates the network address ranges and area assignments for the interfaces.
Figure 3: Interface and Area Specifications for OSPF Configuration Example
• Create a stub area with area ID 10.0.0.0. (Note that the authentication and stub options of the area
router configuration command are specified with separate area command entries, but they can be merged
into a single area command.)
• Specify the backbone area (area 0).
The following example redistributes Routing Information Protocol (RIP) routes with a hop count equal to 1
into OSPF. These routes will be redistributed into OSPF as external link state advertisements (LSAs) with a
metric of 5, a metric type of type 1, and a tag equal to 1.
The following example redistributes OSPF learned routes with tag 7 as a RIP metric of 15:
The following example redistributes OSPF intra-area and interarea routes with next hop devices on serial
interface 0/0/0 into the Border Gateway Protocol (BGP) with an INTER_AS metric of 5:
The following example redistributes two types of routes into the integrated IS-IS routing table (supporting
both IP and CLNS). The first type is OSPF external IP routes with tag 5; these routes are inserted into Level
2 IS-IS link-state packets (LSPs) with a metric of 5. The second type is ISO-IGRP derived CLNS prefix routes
that match CLNS access list 2000; these routes will be redistributed into IS-IS as Level 2 LSPs with a metric
of 30.
Device(config-router)# exit
Device(config)# route-map 2 permit
Device(config-route-map)# match route-type external
Device(config-route-map)# match tag 5
Device(config-route-map)# set metric 5
Device(config-route-map)# set level level-2
Device(config-route-map)# exit
Device(config)# route-map 3 permit
Device(config-route-map)# match address 2000
Device(config-route-map)# set metric 30
Device(config-route-map)# exit
With the following configuration, OSPF external routes with tags 1, 2, 3, and 5 are redistributed into RIP with
metrics of 1, 1, 5, and 5, respectively. The OSPF routes with a tag of 4 are not redistributed.
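The tag-to-metric behaviour described above can be reproduced with a small route-map evaluator. This Python sketch is an added example, not Cisco code: the map named ospf-to-rip and its sequence numbers are constructed to match the description, map 2 is copied from the IS-IS example earlier on this page, and routes are modelled as simple dictionaries whose keys are named after the match keywords.

```python
import re

# "ospf-to-rip" is a constructed map; "2" is the route map shown earlier on
# this page (OSPF external routes with tag 5 into Level 2 IS-IS).
CONFIG = """\
route-map ospf-to-rip permit 10
 match tag 1 2
 set metric 1
route-map ospf-to-rip permit 20
 match tag 3
 set metric 5
route-map ospf-to-rip deny 30
 match tag 4
route-map ospf-to-rip permit 40
 match tag 5
 set metric 5
route-map 2 permit
 match route-type external
 match tag 5
 set metric 5
 set level level-2
"""

HEADER = re.compile(r"route-map (\S+) (permit|deny)(?: (\d+))?$")


def parse_route_map(text, name):
    """Return the entries of route map `name`, ordered by sequence number."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = None
            if header.group(1) == name:
                # IOS uses sequence 10 when none is given.
                current = {"action": header.group(2),
                           "seq": int(header.group(3) or 10),
                           "match": {}, "set": {}}
                entries.append(current)
        elif current is not None and line.startswith("match "):
            kind, *values = line.split()[1:]
            current["match"][kind] = values
        elif current is not None and line.startswith("set "):
            kind, value = line.split()[1:3]
            current["set"][kind] = value
    return sorted(entries, key=lambda e: e["seq"])


def apply_route_map(route, entries):
    """Return the route as redistributed, or None if it is filtered out.

    Values on one match line are alternatives; separate match lines must all
    match. An entry with no match lines matches every route.
    """
    for entry in entries:
        if all(str(route.get(kind)) in values
               for kind, values in entry["match"].items()):
            if entry["action"] == "deny":
                return None
            out = dict(route)
            for kind, value in entry["set"].items():
                out[kind] = int(value) if value.isdigit() else value
            return out
    return None  # no entry matched: the route is not redistributed


def metrics_by_tag(entries, tags):
    """Redistribute one constructed route per tag and collect the metrics."""
    result = {}
    for tag in tags:
        route = {"prefix": "192.0.2.0/24", "tag": tag, "metric": 20}
        out = apply_route_map(route, entries)
        result[tag] = out["metric"] if out else None
    return result


if __name__ == "__main__":
    rip_map = parse_route_map(CONFIG, "ospf-to-rip")
    print(metrics_by_tag(rip_map, [1, 2, 3, 4, 5, 6]))
```

Tag 6 in the sample run shows the case the text does not mention: a route that matches no entry is dropped, which is why an unintended gap in a route map filters routes silently.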
Given the following configuration, a RIP learned route for network 172.18.0.0 and an ISO-IGRP learned route
with prefix 49.0001.0002 will be redistributed into an IS-IS Level 2 LSP with a metric of 5:
The following configuration example illustrates how a route map is referenced by the default-information
router configuration command. This type of reference is called conditional default origination. OSPF will
originate the default route (network 0.0.0.0) with a type 2 metric of 5 if 172.20.0.0 is in the routing table.
IP Routing The IP Routing feature introduced basic IP routing features that are documented
throughout this module and also in other IP Routing Protocol modules.
• You should not configure static configurations over dynamic interfaces, because static configurations
will be lost during reboot or when the user disconnects and reconnects the device.
The example specifies that all destinations with address prefix 2001:DB8::/32 are directly reachable through
interface GigabitEthernet1/0/0.
Directly attached static routes are candidates for insertion in the IPv6 routing table only if they refer to a valid
IPv6 interface; that is, an interface that is both up and has IPv6 enabled on it.
This example specifies that all destinations with address prefix 2001:DB8::/32 are reachable via the host with
address 2001:DB8:3000:1.
A recursive static route is valid (that is, it is a candidate for insertion in the IPv6 routing table) only when the
specified next hop resolves, either directly or indirectly, to a valid IPv6 output interface, provided the route
does not self-recurse, and the recursion depth does not exceed the maximum IPv6 forwarding recursion depth.
A route self-recurses if it is itself used to resolve its own next hop. For example, suppose we have the following
routes in the IPv6 routing table:
ipv6 route 2001:DB8::/32 2001:DB8:3000:1
This static route will not be inserted into the IPv6 routing table because it is self-recursive. The next hop of
the static route, 2001:DB8:3000:1, resolves via the BGP route 2001:DB8:3000:0/16, which is itself a recursive
route (that is, it only specifies a next hop). The next hop of the BGP route, 2001:DB8::0104, resolves via the
static route. Therefore, the static route would be used to resolve its own next hop.
It is not normally useful to manually configure a self-recursive static route, although it is not prohibited.
However, a recursive static route that has been inserted in the IPv6 routing table may become self-recursive
as a result of some transient change in the network learned through a dynamic routing protocol. If this occurs,
the fact that the static route has become self-recursive will be detected and it will be removed from the IPv6
routing table, although not from the configuration. A subsequent network change may cause the static route
to no longer be self-recursive, in which case it will be reinserted in the IPv6 routing table.
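The validity rules for recursive static routes can be expressed as a short resolver. The following Python sketch is an added example, not Cisco code: it resolves the next hop by longest-prefix match and reports self-recursion, a down output interface, or excessive depth. The sample routes, the depth limit of 3, and the resolve_default flag (which models the ipv6 route static resolve default command) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_DEPTH = 3  # assumed value; the page names a maximum depth but gives no number


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv6Network
    source: str                                       # "connected", "static", "bgp", ...
    next_hop: Optional[ipaddress.IPv6Address] = None  # set on recursive routes
    interface: Optional[str] = None                   # set on directly attached routes


def route(prefix, source, next_hop=None, interface=None):
    """Build a Route from plain strings."""
    hop = ipaddress.IPv6Address(next_hop) if next_hop else None
    return Route(ipaddress.IPv6Network(prefix), source, hop, interface)


def longest_match(routes, addr, resolve_default):
    """Longest-prefix match; ::/0 is skipped unless resolve_default is set."""
    hits = [r for r in routes
            if addr in r.prefix and (resolve_default or r.prefix.prefixlen > 0)]
    return max(hits, key=lambda r: r.prefix.prefixlen, default=None)


def check_recursive_static(static, table, up_interfaces,
                           resolve_default=False, max_depth=MAX_DEPTH):
    """Return (valid, reason) for a recursive static route.

    The route is resolved as if it were already installed, so a lookup that
    lands on the route itself is reported as self-recursion.
    """
    routes = list(table) + [static]
    hop = static.next_hop
    for depth in range(1, max_depth + 1):
        via = longest_match(routes, hop, resolve_default)
        if via is None:
            return False, f"no route to next hop {hop}"
        if via is static:
            return False, f"self-recursive: {hop} resolves through {static.prefix}"
        if via.interface is not None:
            if via.interface in up_interfaces:
                return True, f"resolved via {via.interface} at depth {depth}"
            return False, f"output interface {via.interface} is down"
        hop = via.next_hop           # recursive route: follow its next hop
    return False, f"recursion depth exceeds {max_depth}"


# Constructed sample routes (documentation prefix 2001:db8::/32).
STATIC = route("2001:db8::/32", "static", next_hop="2001:db8:3000::1")
BGP = route("2001:db8:3000::/48", "bgp", next_hop="2001:db8::104")
CONNECTED = route("2001:db8::/64", "connected", interface="GigabitEthernet0/0/0")
DEFAULT = route("::/0", "static", interface="Serial2/0")
REMOTE = route("2001:db8:42::/48", "static", next_hop="2001:db8:9::1")
UP = {"GigabitEthernet0/0/0", "Serial2/0"}

if __name__ == "__main__":
    # Static -> BGP -> back to the static: rejected as self-recursive.
    print(check_recursive_static(STATIC, [BGP], UP))
    # A connected route now covers the BGP next hop: the static becomes valid.
    print(check_recursive_static(STATIC, [BGP, CONNECTED], UP))
    # Only the default route covers the next hop: invalid unless allowed.
    print(check_recursive_static(REMOTE, [DEFAULT], UP))
    print(check_recursive_static(REMOTE, [DEFAULT], UP, resolve_default=True))
```

Running the check again after every table change mirrors the behaviour described above: the same static route is rejected while the BGP route leads back to it and accepted once a connected route covers the BGP next hop.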
A fully specified route is valid (that is, a candidate for insertion into the IPv6 routing table) when the specified
IPv6 interface is IPv6-enabled and up.
Any of the three types of IPv6 static routes can be used as a floating static route. A floating static route must
be configured with an administrative distance that is greater than the administrative distance of the dynamic
routing protocol, because routes with smaller administrative distances are preferred.
Note By default, static routes have smaller administrative distances than dynamic routes, so static routes will be
used in preference to dynamic routes.
DETAILED STEPS
Device> enable
Step 3 ipv6 route ipv6-prefix / prefix-length {ipv6-address | interface-type interface-number [ipv6-address]} [administrative-distance] [administrative-multicast-distance | unicast | multicast] [tag tag]
Configures a static IPv6 route.
• A static default IPv6 route is being configured on a serial interface.
• See the syntax examples that immediately follow this table for specific uses of the ipv6 route command for configuring static routes.
Example:
Device(config)# ipv6 route ::/0 serial 2/0
Configuring a Recursive IPv6 Static Route to Use a Default IPv6 Static Route
By default, a recursive IPv6 static route will not resolve using the default route (::/0). Perform this task to
restore legacy behavior and allow resolution using the default route.
SUMMARY STEPS
1. enable
2. configure terminal
3. ipv6 route static resolve default
DETAILED STEPS
Device> enable
Step 3 ipv6 route static resolve default Allows a recursive IPv6 static route to resolve using the
default IPv6 static route.
Example:
DETAILED STEPS
Device> enable
Step 3 ipv6 route ipv6-prefix / prefix-length {ipv6-address | interface-type interface-number [ipv6-address]} [administrative-distance] [administrative-multicast-distance | unicast | multicast] [tag tag]
Configures a static IPv6 route.
• In this example, a floating static IPv6 route is being configured.
• Default administrative distances are as follows:
  • Connected interface--0
  • Static route--1
  • Enhanced Interior Gateway Routing Protocol (EIGRP) summary route--5
  • External Border Gateway Protocol (eBGP)--20
  • Internal Enhanced IGRP--90
  • IGRP--100
  • Open Shortest Path First--110
  • Intermediate System-to-Intermediate System (IS-IS)--115
  • Routing Information Protocol (RIP)--120
  • Exterior Gateway Protocol (EGP)--140
  • EIGRP external route--170
  • Internal BGP--200
  • Unknown--255
Example:
Device(config)# ipv6 route 2001:DB8::/32 serial 2/0 201
DETAILED STEPS
Device> enable
Step 2 Do one of the following:
• show ipv6 static [ipv6-address | ipv6-prefix / prefix-length] [interface interface-type interface-number] [recursive] [detail]
• show ipv6 route [ipv6-address | ipv6-prefix / prefix-length | protocol | interface-type interface-number]
Displays the current contents of the IPv6 routing table.
• These examples show two different ways of displaying IPv6 static routes.
Example:
Example:
Step 3 debug ipv6 routing Displays debugging messages for IPv6 routing table updates
and route cache updates.
Example:
In many cases, alternative mechanisms exist within Cisco software to achieve the same objective. Whether
to use static routes or one of the alternative mechanisms depends on local circumstances.
Router> enable
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface gigabitethernet0/0/0
Router(config-if)# ipv6 address 2001:DB8:2:1234/64
Router(config-if)# exit
Router(config)#
Router(config)# interface gigabitethernet1/0/0
Router(config-if)# ipv6 address 2001:DB8:3:1234/64
Router(config-if)# exit
Router(config)#
Router(config)# interface gigabitethernet2/0/0
Router(config-if)# ipv6 address 2001:DB8:4:1234/64
Router(config-if)# exit
Router(config)#
Router(config)# interface gigabitethernet3/0/0
Router(config-if)# ipv6 address 2001:DB8::1234/64
Router(config-if)# ipv6 rip one enable
Router(config-if)# exit
Router(config)#
Router(config)# ipv6 router rip one
Router(config-rtr)# redistribute static
Router(config-rtr)# exit
Router(config)#
Router(config)# ipv6 route 2001:DB8:1:1/48 null0
Router(config)# end
Router#
00:01:30: %SYS-5-CONFIG_I: Configured from console by console
Router# show ipv6 route static
Device> enable
Device# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)# ipv6 route 2001:DB8:42:1::/64 null0
Device(config)# end
Router(config-if)# exit
Router(config)# interface Serial3/0/0
Router(config-if)# ipv6 address 2001:DB8:2:124/64
Router(config-if)# exit
Router(config)# ipv6 route ::/0 Serial2/0
Router(config)# ipv6 route ::/0 Serial3/0
Router(config)# end
Router#
00:06:30: %SYS-5-CONFIG_I: Configured from console by console
Router# show ipv6 route static
IPv6 Routing Table - 7 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S ::/0 [1/0]
via ::, Serial2/0
via ::, Serial3/0
Router> enable
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface gigabitethernet0/0/0
Router(config-if)# ipv6 address 2001:DB8:17:1234/64
Router(config-if)# exit
Router(config)# interface gigabitethernet0/0/0
Router(config-if)# ipv6 address 2001:DB8:1:1234/64
Router(config-if)# ipv6 router isis
Router(config-if)# exit
Router(config)# router isis
Router(config-router)# net 42.0000.0000.0000.0001.00
Router(config-router)# exit
Router(config)# interface BRI1/0
Router(config-if)# encapsulation ppp
Router(config-if)# ipv6 enable
Router(config-if)# isdn switch-type basic-net3
Router(config-if)# ppp authentication chap optional
Router(config-if)# ppp multilink
Router(config-if)# exit
Router(config)# dialer-list 1 protocol ipv6 permit
Router(config)# ipv6 route 2001:DB8:1::/32 BRI1/0 200
Router(config)# end
Router#
00:03:07: %SYS-5-CONFIG_I: Configured from console by console
Additional References
MIBs
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco
MIB Locator found at the following URL:
http://www.cisco.com/go/mibs
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
• When a LAN interface is physically connected to a single neighbor, you should configure the LAN
interface as a point-to-point interface so that it can be protected through LFA FRR.
Repair Paths
Repair paths forward traffic during a routing transition. When a link or a router fails, due to the loss of a
physical layer signal, initially, only the neighboring routers are aware of the failure. All other routers in the
network are unaware of the nature and location of this failure until information about this failure is propagated
through a routing protocol, which may take several hundred milliseconds. It is, therefore, necessary to arrange
for packets affected by the network failure to be steered to their destinations.
A router adjacent to the failed link employs a set of repair paths for packets that would have used the failed
link. These repair paths are used from the time the router detects the failure until the routing transition is
complete. By the time the routing transition is complete, all routers in the network revise their forwarding
data and the failed link is eliminated from the routing computation.
Repair paths are precomputed in anticipation of failures so that they can be activated the moment a failure is
detected.
The IPv4 LFA FRR feature uses the following repair paths:
• Equal Cost Multipath (ECMP) uses a link as a member of an equal cost path-split set for a destination.
The other members of the set can provide an alternative path when the link fails.
• LFA is a next-hop route that delivers a packet to its destination without looping back. Downstream paths
are a subset of LFAs.
LFA Overview
LFA is a node other than the primary neighbor. Traffic is redirected to an LFA after a network failure. An
LFA makes the forwarding decision without any knowledge of the failure.
An LFA must neither use a failed element nor use a protecting node to forward traffic. An LFA must not
cause loops. By default, LFA is enabled on all supported interfaces as long as the interface can be used as a
primary path.
Advantages of using per-prefix LFAs are as follows:
• The repair path forwards traffic during transition when the primary path link is down.
• All destinations having a per-prefix LFA are protected. This leaves only a subset (a node at the far side
of the failure) unprotected.
LFA Calculation
The general algorithms to compute per-prefix LFAs can be found in RFC 5286. IS-IS implements RFC 5286
with a small change to reduce memory usage. Instead of performing a Shortest Path First (SPF) calculation
for all neighbors before examining prefixes for protection, IS-IS examines prefixes after SPF calculation is
performed for each neighbor. Because IS-IS examines prefixes after SPF calculation is performed, IS-IS
retains the best repair path after SPF calculation is performed for each neighbor. IS-IS does not have to save
SPF results for all neighbors.
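The per-neighbor procedure described above, sketched as an added example (not Cisco's implementation): one SPF is run per neighbor, each destination is tested against the RFC 5286 loop-free inequality Dist(N,D) < Dist(N,S) + Dist(S,D), only the best repair path so far is retained, and that neighbor's SPF result is then discarded. The topology, node names and the lowest-repair-cost tie-break are assumptions.

```python
import heapq

INF = float("inf")

# Constructed topology with symmetric link costs; S is the computing router.
TOPOLOGY = {
    "S": {"A": 1, "B": 3, "C": 1},
    "A": {"S": 1, "D": 1},
    "B": {"S": 3, "D": 1},
    "C": {"S": 1, "E": 1},
    "D": {"A": 1, "B": 1},
    "E": {"C": 1},
}

def spf(graph, root):
    """Dijkstra: shortest distance from root to every reachable node."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        for nbr, cost in graph[node].items():
            nd = d + cost
            if nd < dist.get(nbr, INF):
                dist[nbr] = nd
                heapq.heappush(heap, (nd, nbr))
    return dist

def spf_with_first_hops(graph, src):
    """SPF from src that also records the primary next hops (ECMP set) per destination."""
    dist, first = {src: 0}, {src: set()}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nbr, cost in graph[node].items():
            nd = d + cost
            hops = {nbr} if node == src else first[node]
            if nd < dist.get(nbr, INF):
                dist[nbr], first[nbr] = nd, set(hops)
                heapq.heappush(heap, (nd, nbr))
            elif nd == dist.get(nbr, INF):
                first[nbr] |= hops  # equal-cost path: extend the ECMP set
    return dist, first

def per_prefix_lfa(graph, src):
    """Return {destination: (lfa_neighbor, is_downstream)} for protected destinations."""
    dist_s, primary = spf_with_first_hops(graph, src)
    best = {}  # destination -> (repair_cost, neighbor, is_downstream)
    for nbr, link_cost in sorted(graph[src].items()):
        dist_n = spf(graph, nbr)  # one SPF per neighbor ...
        for dest, d_sd in dist_s.items():
            if dest == src or nbr in primary[dest] or dest not in dist_n:
                continue  # a primary next hop is not an alternate
            # RFC 5286 loop-free condition: N does not route back through S.
            if dist_n[dest] < dist_n[src] + d_sd:
                downstream = dist_n[dest] < d_sd  # downstream paths are a subset of LFAs
                cand = (link_cost + dist_n[dest], nbr, downstream)
                if dest not in best or cand < best[dest]:
                    best[dest] = cand  # keep only the best repair path
        del dist_n  # ... whose result is not kept once prefixes are examined
    return {dest: (nbr, down) for dest, (_, nbr, down) in best.items()}

if __name__ == "__main__":
    for dest, (nbr, down) in sorted(per_prefix_lfa(TOPOLOGY, "S").items()):
        print(f"{dest}: repair via {nbr} (downstream={down})")
```

In this topology C and E have no LFA (every alternate would loop back through S), and B is covered by ECMP rather than by an LFA.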
Note LFA computations are enabled for all routes, and FRR is enabled on all supported interfaces.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ip address ip-address mask
5. ip router isis area-tag
6. isis tag tag-number
7. exit
8. interface type number
9. ip address ip-address mask
10. ip router isis area-tag
11. isis tag tag-number
12. exit
13. router isis area-tag
14. net net
15. fast-reroute per-prefix {level-1 | level-2} {all | route-map route-map-name}
16. end
DETAILED STEPS
Step 3 interface type number Configures an interface and enters interface configuration
mode.
Example:
Device(config)# interface GigabitEthernet0/0/0
Step 4 ip address ip-address mask Sets a primary or secondary IP address for an interface.
Example:
Device(config-if)# ip address 10.1.1.1 255.255.255.0
Step 6 isis tag tag-number Sets a tag on the IP address configured for an interface when the IP prefix is added to an IS-IS link-state packet (LSP).
Example:
Device(config-if)# isis tag 17
Step 8 interface type number Configures an interface and enters interface configuration
mode.
Example:
Device(config)# interface GigabitEthernet0/0/1
Step 9 ip address ip-address mask Sets a primary or secondary IP address for an interface.
Example:
Device(config-if)# ip address 192.168.255.2 255.255.255.0
Step 11 isis tag tag-number Sets a tag on the IP address configured for an interface
when the IP prefix is added to an IS-IS LSP.
Example:
Device(config-if)# isis tag 17
Step 13 router isis area-tag Enables the IS-IS routing protocol, specifies an IS-IS
process, and enters router configuration mode.
Example:
Device(config)# router isis ipfrr
Step 14 net net Configures an IS-IS network entity (NET) for a routing
process.
Example:
Device(config-router)# net 49.0001.0101.2800.0001.00
The following example shows how to configure IPv4 LFA FRR on Router A as shown in the above
figure. Router A will advertise prefixes 10.0.0.0/24 and 192.168.255.0/24 along with the tag 17.
Device# configure terminal
Device(config)# interface GigabitEthernet0/0/0
Device(config-if)# ip address 10.1.1.1 255.255.255.0
Device(config-if)# ip router isis ipfrr
Device(config-if)# isis tag 17
Device(config-if)# exit
Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# ip address 192.168.255.2 255.255.255.0
Device(config-if)# ip router isis ipfrr
Device(config-if)# isis tag 17
Device(config-if)# exit
Device(config)# router isis ipfrr
Device(config-router)# net 49.0001.0001.0001.0001.00
Device(config-router)# fast-reroute per-prefix level-2
The following example shows how to configure IPv4 LFA FRR on other routers as shown in the
above figure. Other routers can use tag 17 to calculate repair paths for the two prefixes configured
in Router A.
Table 4: Feature Information for Configuring IPv4 Loop-Free Alternate Fast Reroute
Suppress Threshold
The suppress threshold is the value of the accumulated penalty that triggers the router to dampen a flapping
interface. The flapping interface is identified by the router and assigned a penalty for each up and down state
change, but the interface is not automatically dampened. The router tracks the penalties that a flapping interface
accumulates. When the accumulated penalty reaches the default or preconfigured suppress threshold, the
interface is placed in a dampened state.
Half-Life Period
The half-life period determines how fast the accumulated penalty can decay exponentially. When an interface
is placed in a dampened state, the router monitors the interface for additional up and down state changes. If
the interface continues to accumulate penalties and the interface remains in the suppress threshold range, the
interface will remain dampened. If the interface stabilizes and stops flapping, the penalty is reduced by half
after each half-life period expires. The accumulated penalty will be reduced until the penalty drops to the
reuse threshold. The configurable range of the half-life period timer is from 1 to 30 seconds. The default
half-life period timer is 5 seconds.
Reuse Threshold
When the accumulated penalty decreases until the penalty drops to the reuse threshold, the route is unsuppressed
and made available to the other devices on the network. The range of the reuse value is from 1 to 20,000
penalties. The default value is 1000 penalties.
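The interaction of the suppress threshold, half-life period and reuse threshold, as an added simulation (not Cisco's implementation). The half-life default of 5 seconds, the reuse default of 1000 and the configurable ranges come from the text above; the per-flap penalty of 1000, the suppress threshold of 2000, the maximum suppress time of 20 seconds and the maximum-penalty formula are assumptions.

```python
import math

class DampenedInterface:
    """Penalty accumulator with exponential decay for one interface."""

    def __init__(self, half_life=5.0, reuse=1000, suppress=2000,
                 max_suppress=20.0, flap_penalty=1000):
        # Ranges stated in the text: half-life 1-30 s, reuse 1-20,000.
        if not 1 <= half_life <= 30:
            raise ValueError("half-life period must be 1 to 30 seconds")
        if not 1 <= reuse <= 20000:
            raise ValueError("reuse threshold must be 1 to 20,000")
        if suppress <= reuse:
            raise ValueError("suppress threshold must exceed reuse threshold")
        self.half_life = float(half_life)
        self.reuse = reuse
        self.suppress = suppress            # assumed default
        self.flap_penalty = flap_penalty    # assumed per-flap penalty
        # Assumed formula: the cap is the penalty that takes exactly
        # max_suppress seconds to decay back down to the reuse threshold.
        self.max_penalty = reuse * 2 ** (max_suppress / self.half_life)
        self.penalty = 0.0
        self.last_update = 0.0
        self.suppressed = False

    def _decay(self, now):
        """Halve the penalty once per elapsed half-life; release at reuse."""
        elapsed = now - self.last_update
        self.penalty *= 0.5 ** (elapsed / self.half_life)
        self.last_update = now
        if self.suppressed and self.penalty <= self.reuse:
            self.suppressed = False

    def flap(self, now):
        """Record one flap at time `now` (seconds); return suppressed state."""
        self._decay(now)
        self.penalty = min(self.penalty + self.flap_penalty, self.max_penalty)
        if self.penalty >= self.suppress:
            self.suppressed = True
        return self.suppressed

    def is_suppressed(self, now):
        """State of the interface at time `now` with no new flap."""
        self._decay(now)
        return self.suppressed

    def seconds_until_reuse(self):
        """Time for the current penalty to decay to the reuse threshold."""
        if not self.suppressed:
            return 0.0
        return self.half_life * math.log2(self.penalty / self.reuse)

if __name__ == "__main__":
    iface = DampenedInterface()
    for t in (0.0, 1.0, 2.0):  # constructed flap times, in seconds
        state = iface.flap(t)
        print(f"t={t:4.1f}s penalty={iface.penalty:7.1f} suppressed={state}")
    print(f"unsuppressed again in {iface.seconds_until_reuse():.2f}s if stable")
```

With these values the third flap in two seconds pushes the penalty past the suppress threshold, and the interface is released about seven seconds later provided it stays stable.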
Affected Components
When an interface is not configured with dampening, or when an interface is configured with dampening but
is not suppressed, the routing protocol behavior as a result of interface state transitions is not changed by the
IP Event Dampening feature. However, if an interface is suppressed, the routing protocols and routing tables
are immune to any further state transitions of the interface until it is unsuppressed.
Route Types
The following interfaces are affected by the configuration of this feature:
• Connected routes:
• The connected routes of dampened interfaces are not installed into the routing table.
• When a dampened interface is unsuppressed, the connected routes will be installed into the routing
table if the interface is up.
• Static routes:
• Static routes assigned to a dampened interface are not installed into the routing table.
• When a dampened interface is unsuppressed, the static route will be installed into the routing table
if the interface is up.
Note Only the primary interface can be configured with this feature, and all subinterfaces are subject to the same
dampening configuration as the primary interface. IP Event Dampening does not track the flapping of individual
subinterfaces on an interface.
Supported Protocols
The IP Event Dampening feature supports Routing Information Protocol (RIP), Open Shortest Path First
(OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Intermediate System-to-Intermediate System
(IS-IS), Border Gateway Protocol (BGP), Connectionless Network Services (CLNS), and Hot Standby Routing
Protocol (HSRP). The following list provides some general information about the operation of this feature
with these protocols.
• RIP, OSPF, EIGRP, IS-IS, and BGP:
• When an interface is dampened, the interface is considered to be down by the routing protocol. The
routing protocol will not hold any adjacencies with this peer router over the dampened interface or
generate advertisements of any routes related to this interface to other peer routers.
• When the interface is unsuppressed and made available to the network, the interface will be considered
by the routing protocols to be up. The routing protocols will be notified that the interface is in an
up state and routing conditions will return to normal.
• HSRP:
• When an interface is dampened, it is considered to be down by HSRP. HSRP will not generate
HSRP messages out of the dampened interface or respond to any message received by the dampened
interface. When the interface is unsuppressed and made available to the network, HSRP will be
notified of the up state and will return to normal operations.
• CLNS:
• When an interface is dampened, the interface is dampened to both IP and CLNS routing equally.
The interface is dampened to both IP and CLNS because integrated routing protocols like IS-IS, IP,
and CLNS routing are closely interconnected, so it is impossible to apply dampening separately.
Note The IP Event Dampening feature has no effect on any routing protocols if it is not enabled or an interface is
not dampened.
Network Deployments
In real network deployments, some routers may not be configured with interface dampening, and all routers
may not even support this feature. No major routing issues are expected, even if the router at the other end of
a point-to-point interface or routers of the same multicast LAN do not have interface dampening turned on
or do not have this feature implemented. On the router, where the interface is dampened, routes associated
with the interface will not be used. No packets will be sent out of this interface, and no routing protocol activity
will be initiated with routers on the other side of the interface. However, routers on the other side can still
install some routes, in their routing tables, that are associated with this subnet because the routers recognize
that their own interfaces are up and can start forwarding packets to the dampened interface. In such situations,
the router with the dampened interface will start forwarding these packets, depending on the routes in its
routing table.
The IP Event Dampening feature does not introduce new information into the network. In fact, the effect of
dampening is to subtract a subset of routing information from the network. Therefore, looping should not
occur as a result of dampening.
Faster Convergence
The IP Event Dampening feature improves convergence times and stability throughout the network by isolating
failures so that disturbances are not propagated. Routers that are not experiencing link flap reach convergence
sooner, because routing tables are not rebuilt each time the offending router leaves and enters the service
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. dampening [half-life-period reuse-threshold] [suppress-threshold max-suppress [restart-penalty]]
5. end
DETAILED STEPS
Router> enable
Step 3 interface type number Enters interface configuration mode and configures the
specified interface.
Example:
Router(config-if)# end
SUMMARY STEPS
1. enable
2. show dampening interface
3. show interface dampening
DETAILED STEPS
Router> enable
Step 3 show interface dampening Displays dampened interfaces on the local router.
Example:
The following example configures interface dampening on ATM interface 2/0/0 and uses the default interface
dampening values:
The following example configures the router to apply a penalty of 500 on Gigabit Ethernet interface 0/0/0
when the interface comes up for the first time after the router is reloaded:
The output of the show interface dampening command displays the summary of the dampening parameters
and the status of interfaces on the local router. The following is sample output from the show interface
dampening command.
Additional References
The following sections provide references related to the IP Event Dampening feature.
Related Documents
Standards
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
MIBs
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.
To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
RFCs
No new or modified RFCs are supported by this feature, and support for existing standards has not been modified by this feature.
Technical Assistance
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Link: http://www.cisco.com/techsupport
Feature Name: IP Event Dampening
Releases: Cisco IOS XE Release 2.1
Feature Information: The IP Event Dampening feature introduces a configurable exponential decay mechanism to suppress the effects of excessive interface flapping events on routing protocols and routing tables in the network. This feature allows the network operator to configure a router to automatically identify and selectively dampen a local interface that is flapping.
This feature was introduced on the Cisco ASR 1000 Series Aggregation Services Routers.
The following commands were introduced by this feature: dampening, debug dampening, show dampening interface, show interface dampening.
Glossary
event dampening --The process in which a router dampens a flapping interface from the perspective of the
routing tables and routing protocols of IP by filtering the excessive route adjust messages caused by
interface state changes.
flap --Rapid interface state changes from up to down and down to up within a short period of time.
half life --The rate of the exponential decay of the accumulated penalty is determined by this value.
maximum penalty --The maximum value beyond which the penalty assigned does not increase. It is derived
from the maximum suppress time.
maximum suppress time --The maximum amount of time the interface can stay suppressed at the time a
penalty is assigned.
penalty --A value assigned to an interface when it flaps. This value increases with each flap and decreases
over time. The rate at which it decreases depends on the half life.
reuse threshold --The threshold value after which the interface will be unsuppressed and can be used again.
suppress threshold --Value of the accumulated penalty that triggers the router to dampen a flapping interface.
When the accumulated penalty exceeds this value, the interface state is considered to be down from the
perspective of the routing protocol.
suppressed --Suppressing an interface removes an interface from the network from the perspective of the
routing protocol. An interface enters the suppressed state when it has flapped frequently enough for the penalty
assigned to it to cross a threshold limit.
PBR Recursive Next Hop for IPv6 does not support load sharing.
If both a next-hop address and a recursive next-hop IP address are present in the same route-map entry, the
next hop is used. If the next hop is not available, the recursive next hop is used. If the recursive next hop is
not available and no other IP address is present, the packet is routed using the default routing table; it is not
dropped. If the packet is supposed to be dropped, use the set ip next-hop command with the recursive keyword,
followed by a set interface null0 configuration.
Perform this task to set the IP address for the recursive next-hop router.
Note Only one recursive next-hop IP address is supported per route-map entry.
SUMMARY STEPS
1. enable
2. configure terminal
3. access-list access-list-number {deny | permit} source [source-wildcard] [log]
4. route-map map-tag
5. Do one of the following:
• set ip next-hop ip-address
• set ipv6 next-hop ip-address
6. Do one of the following:
• set ip next-hop {ip-address [...ip-address] | recursive ip-address}
• set ipv6 next-hop {ipv6-address [...ipv6-address] | recursive ipv6-address}
7. Do one of the following:
• match ip address access-list-number
• match ipv6 address {prefix-list prefix-list-name | access-list-name}
8. end
DETAILED STEPS
Router> enable
Step 3 access-list access-list-number {deny | permit} source [source-wildcard] [log] Configures an access list. The example configuration permits any source IP address that falls within the 10.60.0.0 0.0.255.255 subnet.
Example:
Step 4 route-map map-tag Enables policy routing and enters route-map configuration
mode.
Example:
Step 5 Do one of the following: Sets a next-hop router IPv4 or IPv6 address.
• set ip next-hop ip-address
• set ipv6 next-hop ip-address
Note Set this IPv4/IPv6 address separately from the next-hop recursive router configuration.
Example:
Example:
Router(config-route-map)# set ipv6 next-hop 2001:DB8:2003:1::95
Example:
Router(config-route-map)# set ipv6 next-hop recursive 2001:DB8:2003:2::95
Example:
Router(config-route-map)# match ipv6 address kmd
Router(config-route-map)# end
SUMMARY STEPS
1. show running-config | begin abccomp
2. show route-map map-name
DETAILED STEPS
route-map abccomp
set ip next-hop 10.1.1.1
set ip next-hop 10.2.2.2
set ip next-hop recursive 10.3.3.3
set ip next-hop 10.4.4.4
The following example shows the configuration of IPv6 address 2001:DB8:2003:1::95 as the recursive next-hop
router:
route-map abccomp
set ipv6 next-hop 2001:DB8:2003:1::95
set ipv6 next-hop 2001:DB8:2004:3::96
set ipv6 next-hop recursive 2001:DB8:2005:2::95
set ipv6 next-hop 2001:DB8:2006:1::95
Changing the maximum number of paths: "BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS-VPN" module in the BGP Configuration Guide
BGP route map configuration tasks and configuration examples: "Connecting to a Service Provider Using External BGP" module in the BGP Configuration Guide
BGP communities and route maps: "BGP Cost Community" module in the BGP Configuration Guide
IPv6 Policy-Based Routing: "IPv6 Policy-Based Routing" module in the IP Routing: Protocol-Independent Configuration Guide
Clients such as Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), Gateway
Load Balancing Protocol (GLBP), and (with this feature) PBR can register their interest in specific, tracked
objects and then take action when the state of the objects changes.
SUMMARY STEPS
1. enable
2. configure terminal
3. rtr operation-number
4. type echo protocol protocol-type target [source-ipaddr ip-address]
5. exit
6. rtr schedule operation-number [life {forever | seconds}] [start-time {hh : mm[: ss] [month day |
day month] | pending | now | after hh : mm : ss}] [ageout seconds]
7. track object-number rtr entry-number [reachability]
8. delay {up seconds [down seconds] | [up seconds] down seconds}
9. exit
10. interface type number
11. ip address ip-address mask [secondary]
12. ip policy route-map map-tag
13. exit
14. route-map map-tag [permit | deny] [sequence-number]
DETAILED STEPS
Router> enable
Step 3 rtr operation-number Enters SAA RTR configuration mode and configures an
SAA operation.
Example:
Router(config)# rtr 1
Step 4 type echo protocol protocol-type target [source-ipaddr ip-address] Configures an SAA end-to-end echo response time probe operation.
Example:
Step 5 exit Exits SAA RTR configuration mode and returns the router
to global configuration mode.
Example:
Router(config-rtr)# exit
Step 6 rtr schedule operation-number [life {forever | seconds}] [start-time {hh : mm[: ss] [month day | day month] | pending | now | after hh : mm : ss}] [ageout seconds] Configures the time parameters for the SAA operation.
Example:
Step 7 track object-number rtr entry-number [reachability] Tracks the reachability of a Response Time Reporter (RTR)
object and enters tracking configuration mode.
Example:
Step 8 delay {up seconds [down seconds] | [up seconds] down seconds} (Optional) Specifies a period of time (in seconds) to delay communicating state changes of a tracked object.
Example:
Step 9 exit Exits tracking configuration mode and returns the router
to global configuration mode.
Example:
Router(config-track)# exit
Step 10 interface type number Specifies an interface type and number and enters interface
configuration mode.
Example:
Step 11 ip address ip-address mask [secondary] Specifies a primary or secondary IP address for an interface.
• See the "Configuring IPv4 Addresses" chapter of the Cisco IOS IP Addressing Services Configuration Guide for information on configuring IPv4 addresses.
Example:
Router(config-if)# ip address 10.1.1.11 255.0.0.0
Step 12 ip policy route-map map-tag Enables policy routing and identifies a route map to be
used for policy routing.
Example:
Step 13 exit Exits interface configuration mode and returns the router
to global configuration mode.
Example:
Router(config-if)# exit
Step 14 route-map map-tag [permit | deny] [sequence-number] Specifies a route map and enters route-map configuration
mode.
Example:
Step 15 set ip next-hop verify-availability [next-hop-address sequence track object] Configures the route map to verify the reachability of the tracked object.
Example:
Step 16 end Exits route-map configuration mode and returns the router
to privileged EXEC mode.
Example:
Router(config-route-map)# end
SUMMARY STEPS
1. enable
2. configure terminal
3. ip sla monitor operation-number
4. type echo protocol ipIcmpEcho {destination-ip-address | destination-hostname} [source-ipaddr {ip-address | hostname} | source-interface interface-name]
5. exit
6. ip sla monitor schedule operation-number [life {forever | seconds}] [start-time {hh : mm[: ss]
[month day | day month] | pending | now | after hh : mm : ss}] [ageout seconds] [recurring]
7. track object-number rtr entry-number [reachability| state]
8. delay {up seconds [down seconds] | [up seconds] down seconds}
9. exit
10. interface type number
11. ip address ip-address mask [secondary]
12. ip policy route-map map-tag
13. exit
14. route-map map-tag [permit | deny] [sequence-number] [
15. set ip next-hop verify-availability [next-hop-address sequence track object]
16. end
17. show track object-number
18. show route-map [map-name| all| dynamic]
DETAILED STEPS
Device> enable
Step 3 ip sla monitor operation-number Starts a Cisco IOS IP Service Level Agreement (SLA) operation configuration and enters IP SLA monitor configuration mode.
Example:
Device(config)# ip sla monitor 1
Step 5 exit Exits IP SLA monitor configuration mode and returns the
device to global configuration mode.
Example:
Device(config-sla-monitor)# exit
Step 6 ip sla monitor schedule operation-number [life {forever | seconds}] [start-time {hh : mm[: ss] [month day | day month] | pending | now | after hh : mm : ss}] [ageout seconds] [recurring] Configures the scheduling parameters for a single Cisco IOS IP SLA operation.
• In this example, the time parameters for the IP SLA operation are configured.
Example:
Step 7 track object-number rtr entry-number [reachability| state] Tracks the reachability of a Response Time Reporter (RTR) object and enters tracking configuration mode.
Example:
Step 8 delay {up seconds [down seconds] | [up seconds] down seconds} (Optional) Specifies a period of time, in seconds, to delay communicating state changes of a tracked object.
Example:
Step 9 exit Exits tracking configuration mode and returns the device
to global configuration mode.
Example:
Device(config-track)# exit
Step 10 interface type number Specifies an interface type and number and enters interface
configuration mode.
Example:
Step 11 ip address ip-address mask [secondary] Specifies a primary or secondary IP address for an
interface.
Example:
Step 12 ip policy route-map map-tag Enables policy routing and identifies a route map to be
used for policy routing.
Example:
Step 13 exit Exits interface configuration mode and returns the device
to global configuration mode.
Example:
Device(config-if)# exit
Step 14 route-map map-tag [permit | deny] [sequence-number] Configures a route map and specifies how the packets are
[ to be distributed.
Example:
Step 15 set ip next-hop verify-availability [next-hop-address sequence track object] Configures the route map to verify the reachability of the tracked object.
• In this example, the policy is configured to forward packets received on serial interface 2/0 to 10.1.1.1 if that device is reachable.
Example:
Device(config-route-map)# set ip next-hop verify-availability 10.1.1.1 10 track 123
Step 16 end Exits route-map configuration mode and returns the device
to privileged EXEC mode.
Example:
Device(config-route-map)# end
Step 18 show route-map [map-name| all| dynamic] (Optional) Displays route map information.
• In this example, information about the route map named alpha is displayed. See the display output in the "Examples" section of this task.
Example:
Device# show route-map alpha
Examples
The following output from the show track command shows that the tracked object 123 is reachable.
The following output from the show route-map command shows information about the route map
named alpha that was configured in the task.
Additional References
The following sections provide references related to the PBR Support for Multiple Tracking Options feature.
Related Documents
Object tracking within Cisco IOS software: "Configuring Enhanced Object Tracking" chapter of the Cisco IOS IP Application Services Configuration Guide
Command Reference
The following commands are introduced or modified in the feature or features documented in this module.
For information about these commands, see the Cisco IOS IP Routing: Protocol-Independent Command
Reference. For information about all Cisco IOS commands, use the Command Lookup Tool at
http://tools.cisco.com/Support/CLILookup or the Cisco IOS Master Command List, All Releases, at
http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html.
• set ip next-hop verify-availability
Table 7: Feature Information for PBR Support for Multiple Tracking Options
Feature Name: PBR Support for Multiple Tracking Options
Feature Information: The PBR Support for Multiple Tracking Options feature extends the capabilities of object tracking using Cisco Discovery Protocol (CDP) to allow the policy-based routing (PBR) process to verify object availability by using additional methods. The verification method can be an Internet Control Message Protocol (ICMP) ping, a User Datagram Protocol (UDP) ping, or an HTTP GET request.
The following commands were introduced or modified by this feature: set ip next-hop verify-availability.
During redistribution, the routing protocols check the route map for matches with existing routes. This provides
an exact route map that corresponds to the specific match criteria. When you apply this route map with the
match track object, the device checks the status of the match track object and provides a specific route map.
Figure 6: Route map on redistribution using routing protocols
The device uses Border Gateway Protocol (BGP) for route-filtering and distribution. The device uses the
existing notification mechanism to notify the routing protocols about the new match clause and also notifies
the routing protocols about any change in the match track object status depending upon the Policy-Based
Routing (PBR) query on redistribution.
DETAILED STEPS
Step 3 route-map map-tag Enables policy routing and enters route-map configuration
mode.
Example:
Device(config)# route-map abc
Step 4 match track track-object-number Tracks the stub object. Value ranges from 1 to 1000.
Note This command is effective only when the track object specified is available on the device.
Example:
Device(config-route-map)# match track 2
DETAILED STEPS
Step 2 show route-map map-name Displays brief information about a specific route-map.
Example:
Device# show route-map abc
Technical Assistance
Description: The Cisco Support website provides extensive online resources, including
documentation and tools for troubleshooting and resolving technical issues
with Cisco products and technologies.
To receive security and technical information about your products, you can
subscribe to various services, such as the Product Alert Tool (accessed from
Field Notices), the Cisco Technical Services Newsletter, and Really Simple
Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user
ID and password.
Link: http://www.cisco.com/support
• Process
• Cisco Express Forwarding (formerly known as CEF)
• Distributed Cisco Express Forwarding
Policies can be based on the IPv6 address, port numbers, protocols, or packet size.
PBR allows you to perform the following tasks:
• Classify traffic based on extended access list criteria. Access lists, then, establish the match criteria.
• Set IPv6 precedence bits, giving the network the ability to enable differentiated classes of service.
• Route packets to specific traffic-engineered paths; you might need to route them to allow a specific
quality of service (QoS) through the network.
PBR allows you to classify and mark packets at the edge of the network. PBR marks a packet by setting a
precedence value. The precedence value can be used directly by devices in the network core to apply the
appropriate QoS to a packet, which keeps packet classification at your network edge.
You must configure policy-based routing (PBR) on the interface that receives the packet, and not on the
interface from which the packet is sent.
Packet Matching
Policy-based routing (PBR) for IPv6 will match packets using the match ipv6 address command in the
associated PBR route map. Packet match criteria are those criteria supported by IPv6 access lists, as follows:
• Input interface
• Source IPv6 address (standard or extended access control list [ACL])
• Destination IPv6 address (standard or extended ACL)
• Protocol (extended ACL)
• Source port and destination port (extended ACL)
Packets may also be matched by length using the match length command in the PBR route map.
Match statements are evaluated first by the criteria specified in the match ipv6 address command and then
by the criteria specified in the match length command. Therefore, if both an ACL and a length statement are
used, a packet will first be subject to an ACL match. Only packets that pass the ACL match will be subject
to the length match. Finally, only packets that pass both the ACL and the length statement will be policy
routed.
Note The order in which PBR evaluates the set statements is the order in which they are listed above. This order
may differ from the order in which route-map set statements are listed by show commands.
Some applications or traffic can benefit from Quality of Service (QoS)-specific routing; for example, you
could transfer stock records to a corporate office on a higher-bandwidth, higher-cost link for a short time
while sending routine application data such as e-mail over a lower-bandwidth, lower-cost link.
SUMMARY STEPS
1. enable
2. configure terminal
3. route-map map-tag [permit | deny] [sequence-number] [
4. Do one of the following:
• match length minimum-length maximum-length
• match ipv6 address {prefix-list prefix-list-name | access-list-name}
5. Do one of the following:
• set ipv6 precedence precedence-value
• set ipv6 next-hop global-ipv6-address [global-ipv6-address...]
• set interface type number [...type number]
• set ipv6 default next-hop global-ipv6-address [global-ipv6-address...]
• set default interface type number [...type number]
• set vrf vrf-name
6. exit
7. interface type number
8. ipv6 policy route-map route-map-name
9. end
DETAILED STEPS
Device> enable
Step 3 route-map map-tag [permit | deny] [sequence-number] [
Configures a route map and specifies how the packets are to be distributed.
Example:
Example:
Step 5 Do one of the following:
• set ipv6 precedence precedence-value
• set ipv6 next-hop global-ipv6-address [global-ipv6-address...]
• set interface type number [...type number]
• set ipv6 default next-hop global-ipv6-address [global-ipv6-address...]
• set default interface type number [...type number]
• set vrf vrf-name
Specifies the action or actions to take on the packets that match the criteria.
• You can specify any or all of the following:
  • Sets precedence value in the IPv6 header.
  • Sets next hop to which to route the packet (the next hop must be adjacent).
  • Sets output interface for the packet.
  • Sets next hop to which to route the packet, if there is no explicit route for this destination.
  • Sets output interface for the packet, if there is no explicit route for this destination.
  • Sets VRF instance selection within a route map for a policy-based routing VRF selection.
Example:
Device(config-route-map)# set ipv6 precedence 1
Device(config-route-map)# exit
Step 7 interface type number Specifies an interface type and number, and places the router
in interface configuration mode.
Example:
Step 8 ipv6 policy route-map route-map-name Identifies a route map to use for IPv6 PBR on an interface.
Example:
Device(config-if)# end
SUMMARY STEPS
1. enable
2. configure terminal
3. ipv6 local policy route-map route-map-name
4. end
DETAILED STEPS
Device> enable
Step 3 ipv6 local policy route-map route-map-name Configures IPv6 PBR for packets generated by the device.
Example:
Device(config)# end
DETAILED STEPS
Device> enable
Step 2 show ipv6 policy Displays IPv6 policy routing packet activity.
Example:
SUMMARY STEPS
1. enable
2. show route-map [map-name | dynamic [dynamic-map-name | application [application-name]] | all]
[detailed]
3. debug ipv6 policy [access-list-name]
DETAILED STEPS
Device> enable
Step 2 show route-map [map-name | dynamic [dynamic-map-name | application [application-name]] | all] [detailed]
Displays all route maps configured or only the one specified.
Example:
Step 3 debug ipv6 policy [access-list-name] Enables debugging of the IPv6 policy routing packet
activity.
Example:
Interface Routemap
GigabitEthernet0/0/0 src-1
MIBs
No new or modified MIBs are supported by this feature, and support for existing MIBs has not
been modified by this feature.
To locate and download MIBs for selected platforms, Cisco software releases, and feature sets,
use Cisco MIB Locator found at the following URL:
http://www.cisco.com/go/mibs
Restrictions for Multi-VRF Selection Using Policy-Based Routing
• All commands that aid in routing also support hardware switching, except for the set ip next-hop
verify-availability command because Cisco Discovery Protocol information is not available in the line cards.
• Protocol Independent Multicast (PIM) and multicast packets do not support policy-based routing (PBR)
and cannot be configured for a source IP address that is a match criterion for this feature.
• The set vrf and set ip global next-hop commands can be configured with the set default interface, set
interface, set ip default next-hop, and set ip next-hop commands. But the set vrf and set ip global
next-hop commands take precedence over the set default interface, set interface, set ip default
next-hop, and set ip next-hop commands. No error message is displayed if you attempt to configure the
set vrf command with any of these three set commands.
• The Multi-VRF Selection Using Policy-Based Routing feature cannot be configured with IP prefix lists.
• The set global and set vrf commands cannot be simultaneously applied to a route map.
• The Multi-VRF Selection Using Policy-Based Routing feature supports VRF-lite; that is, only IP routing
protocols run on the device. Multiprotocol Label Switching (MPLS) and Virtual Private Networks (VPNs)
cannot be configured. However, the set vrf command will work in MPLS VPN scenarios.
• If you delete one VRF by using the no vrf definition vrf-name command, other VRFs in the VRF routing
table are also removed unexpectedly when the ip vrf receive command is configured with receive entries
above 400, and IPv4 and IPv6 routes above 2000. This applies only to the Cisco ASR 1000 platform.
• In a VRF receive scenario, the memory requirements are proportional to the number of VRF receives
that are configured multiplied by the number of directly connected neighbours (Cisco Express Forwarding
adjacencies). When the ip vrf receive command is configured, Cisco Express Forwarding adjacency
prefixes are copied to the VRF. Network resources might be exhausted based on number of bytes per
each adjacency prefix, number of adjacency prefixes, number of VRF receives configured, and the
platform-specific route processor memory restrictions applicable to Cisco Express Forwarding entries.
Policy routing is defined in the route map. The route map is applied to the incoming interface with the ip
policy route-map interface configuration command. An IP access list is applied to the route map with the
match ip address route-map configuration command. Packet length match criteria are applied to the route
map with the match length route-map configuration command. The set action is defined with the set vrf
route-map configuration command. The match criteria are evaluated, and the appropriate VRF is selected by
the set command. This combination allows you to define match criteria for incoming VPN traffic and policy
route VPN packets out to the appropriate virtual routing and forwarding (VRF) instance.
• set ip global next-hop—Indicates where to forward IPv4 packets that pass a match criterion of a route
map for policy routing and for which the Cisco software uses the global routing table. The global keyword
explicitly defines that IPv4 next-hops are under the global routing table.
• set ipv6 global next-hop—Indicates where to forward IPv6 packets that pass a match criterion of a route
map for policy routing and for which the Cisco software uses the global routing table. The global keyword
explicitly defines that IPv6 next-hops are under the global routing table.
• set interface—When packets enter a VRF, routes the packets out of the egress interface under the same
VRF according to the set interface policy, provided that the Layer 2 rewrite information is available.
• set ip default vrf—Provides IPv4 inherit-VRF and inter-VRF routing. With inherit-VRF routing, IPv4
packets arriving at a VRF interface are routed by the same outgoing VRF interface. With inter-VRF
routing, IPv4 packets arriving at a VRF interface are routed through any other outgoing VRF interface.
• set ipv6 default vrf—Provides IPv6 inherit-VRF and inter-VRF routing. With inherit-VRF routing, IPv6
packets arriving at a VRF interface are routed by the same outgoing VRF interface. With inter-VRF
routing, IPv6 packets arriving at a VRF interface are routed through any other outgoing VRF interface.
• set ip default global—Provides IPv4 VRF to global routing.
• set ipv6 default global—Provides IPv6 VRF to global routing.
• set default interface—Indicates where to output packets that pass a match criterion of a route map for
policy routing and have no explicit route to the destination. The interface can belong to any VRF.
• set ip default next-hop—Indicates where to output IPv4 packets that pass a match criterion of a route
map for policy routing and for which the Cisco software has no explicit route to a destination.
• set ipv6 default next-hop—Indicates where to output IPv6 packets that pass a match criterion of a route
map for policy routing and for which the Cisco software has no explicit route to a destination.
• set ip next-hop—Indicates where to output IPv4 packets that pass a match criterion of a route map for
policy routing. If an IPv4 packet is received on a VRF interface and is transmitted from another interface
within the same VPN, the VRF context of the incoming packet is inherited from the interface.
• set ipv6 next-hop—Indicates where to output IPv6 packets that pass a match criterion of a route map
for policy routing. If an IPv6 packet is received on a VRF interface and is transmitted from another
interface within the same Virtual Private Network (VPN), the VRF context of the incoming packet is
inherited from the interface.
• set ip next-hop—Routes IPv4 packets through the global routing table in an IPv4-to-IPv4 routing and
forwarding environment.
• set ipv6 next-hop—Routes IPv6 packets through the global routing table in an IPv6-to-IPv6 routing and
forwarding environment.
• set vrf—Selects the appropriate VRF after a successful match occurs in the route map. VRS-aware PSV
allows only inter-VRF (or VRF-to-VRF) switching.
Configuring Multi-VRF Selection Using Policy-Based Routing with a Standard Access List
SUMMARY STEPS
1. enable
2. configure terminal
3. access-list access-list-number {deny | permit} [source source-wildcard] [log]
DETAILED STEPS
Device> enable
Step 3 access-list access-list-number {deny | permit} [source source-wildcard] [log]
Creates an access list and defines the match criteria for the route map.
• Match criteria can be defined based on IP addresses, IP address ranges, and other IP packet
access list filtering options. Named, numbered, standard, and extended access lists are
supported. You can use all IP access list configuration options to define match criteria.
• The example creates a standard access list numbered 40. This filter permits traffic from any
host with an IP address in the 10.1.1.0/24 subnet.
Example:
Device(config)# access-list 40 permit 10.1.1.0 0.0.0.255
Configuring Multi-VRF Selection Using Policy-Based Routing with a Named Extended Access List
To configure Multi-VRF Selection using Policy-Based Routing (PBR) with a named extended access list,
complete the following steps.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip access-list {standard | extended} [access-list-name | access-list-number]
4. [sequence-number] {permit | deny} protocol source source-wildcard destination destination-wildcard
[option option-value] [precedence precedence] [tos tos] [ttl operator-value] [log] [time-range
time-range-name] [fragments]
DETAILED STEPS
Device> enable
Step 4 [sequence-number] {permit | deny} protocol source source-wildcard destination destination-wildcard
[option option-value] [precedence precedence] [tos tos] [ttl operator-value] [log] [time-range
time-range-name] [fragments]
Defines the criteria for which the access list will permit or deny packets.
• Match criteria can be defined based on IP addresses, IP address ranges, and other IP packet
access list filtering options. Named, numbered, standard, and extended access lists are
supported. You can use all IP access list configuration options to define match criteria.
• The example creates a named access list that permits any configured IP option.
Example:
Device(config-ext-nacl)# permit ip any any option any-options
SUMMARY STEPS
1. enable
2. configure terminal
3. named-ordering-route-map enable ]
4. route-map map-tag [permit | deny] [sequence-number] [
5. Do one of the following :
• set ip vrf vrf-name next-hop global-ipv4-address [...global-ipv4-address]
• set ipv6 vrf vrf-name next-hop global-ipv6-address [...global-ipv6-address]
• set ip next-hop recursive vrf global-ipv4-address [...global-ipv4-address]
• set ip global next-hop global-ipv4-address [...global-ipv4-address]
• set ipv6 global next-hop global-ipv6-address [...global-ipv6-address]
6. Do one of the following:
DETAILED STEPS
Device> enable
Step 4 route-map map-tag [permit | deny] [sequence-number] [
Configures a route map and specifies how the packets are to be distributed.
Example:
Step 5 Do one of the following:
• set ip vrf vrf-name next-hop global-ipv4-address [...global-ipv4-address]
  Indicates where to forward packets that pass a match criterion of a route map for policy
  routing when the IPv4 next hop must be under a specified VRF.
• set ipv6 vrf vrf-name next-hop global-ipv6-address [...global-ipv6-address]
  Indicates where to forward packets that pass a match criterion of a route map for policy
  routing when the IPv6 next hop must be under a specified VRF.
• set ip next-hop recursive vrf global-ipv4-address [...global-ipv4-address]
  Indicates the IPv4 address to which destination or next hop is used for packets that pass
  the match criterion configured in the route map.
• set ip global next-hop global-ipv4-address [...global-ipv4-address]
  Indicates the IPv4 address to forward packets that pass a match criterion of a route map
  for policy routing and for which the software uses the global routing table.
• set ipv6 global next-hop global-ipv6-address [...global-ipv6-address]
  Indicates the IPv6 address to forward packets that pass a match criterion of a route map
  for policy routing and for which the software uses the global routing table.
Example:
Device(config-route-map)# set ip vrf myvrf next-hop 10.0.0.0
Step 6 Do one of the following:
• match ip address {acl-number [acl-name | acl-number]}
  Distributes any routes that have a destination network number address that is permitted by
  a standard or extended access list, and performs policy routing on matched packets.
  IP access lists are supported.
  • The example configures the route map to use standard access list 1 to define match criteria.
• match length minimum-length maximum-length
  Specifies the Layer 3 packet length in the IP header as a match criterion in a class map.
  • The example configures the route map to match packets that are 3 to 200 bytes in length.
Example:
Device(config-route-map)# match ip address 1
or
Example:
Device(config-route-map)# match length 3 200
Device(config-route-map)# end
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number [name-tag]
DETAILED STEPS
Device> enable
Step 3 interface type number [name-tag]
Configures an interface and enters interface configuration mode.
Example:
Step 4 ip policy route-map map-tag
Identifies a route map to use for policy routing on an interface.
• The configuration example attaches the route map named map1 to the interface.
Example:
Device(config-if)# ip policy route-map map1
Step 5 ip vrf receive vrf-name
Adds the IP addresses that are associated with an interface into the VRF table.
• This command must be configured for each VRF that will be used for VRF selection.
Example:
Device(config-if)# ip vrf receive VRF-1
Device(config-if)# end
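The restrictions and the ip vrf receive requirement above can be checked offline against a saved configuration. The following Python audit is an added example, not Cisco code: the sample configuration, rule names, and function names are constructed for illustration, and the restrictions are checked per route-map entry, which is an assumption about their scope.

```python
import re
from collections import defaultdict

# set commands that set vrf / set ip global next-hop override without an error message
SHADOWED = ("set default interface", "set interface",
            "set ip default next-hop", "set ip next-hop")

# Constructed sample configuration (not taken from the guide).
SAMPLE_CONFIG = """\
route-map map1 permit 10
 match ip address 1
 set vrf VRF-1
 set ip next-hop 10.0.0.2
!
route-map map1 permit 20
 match ip address 2
 set vrf VRF-2
!
route-map map2 permit 10
 match ip address prefix-list PL1
 set vrf VRF-1
 set global
!
interface GigabitEthernet0/0/0
 ip policy route-map map1
 ip vrf receive VRF-1
!
interface GigabitEthernet0/0/1
 ip policy route-map map2
 ip vrf receive VRF-1
"""


def parse_blocks(config):
    """Split an IOS-style config into route-map entries and interface blocks."""
    entries = defaultdict(list)     # (map name, sequence) -> sub-commands
    interfaces = defaultdict(list)  # interface name -> sub-commands
    target = None
    for raw in config.splitlines():
        if raw.startswith(" "):     # indented line: sub-command of the open block
            if target is not None:
                target.append(raw.strip())
            continue
        target = None
        m = re.match(r"route-map (\S+)(?: (?:permit|deny))?(?: (\d+))?\s*$", raw)
        if m:
            target = entries[(m.group(1), int(m.group(2) or 10))]
            continue
        m = re.match(r"interface (\S+)", raw)
        if m:
            target = interfaces[m.group(1)]
    return entries, interfaces


def audit(config):
    """Return a list of (rule, location, detail) findings."""
    entries, interfaces = parse_blocks(config)
    findings = []
    vrfs_by_map = defaultdict(set)
    for (name, seq), cmds in sorted(entries.items()):
        where = f"route-map {name} {seq}"
        vrfs = [c.split()[2] for c in cmds if re.match(r"set vrf \S+", c)]
        vrfs_by_map[name].update(vrfs)
        overrides = bool(vrfs) or any(c.startswith("set ip global next-hop") for c in cmds)
        for c in cmds:
            # Restriction: the feature cannot be configured with IP prefix lists.
            if vrfs and c.startswith("match ip address prefix-list"):
                findings.append(("PREFIX_LIST", where, c))
            # Restriction: set global and set vrf cannot be applied together.
            if vrfs and c == "set global":
                findings.append(("GLOBAL_AND_VRF", where, c))
            # set vrf / set ip global next-hop silently take precedence over these.
            if overrides and c.startswith(SHADOWED):
                findings.append(("SHADOWED_SET", where, c))
    for ifname, cmds in sorted(interfaces.items()):
        received = {c.split()[3] for c in cmds if re.match(r"ip vrf receive \S+", c)}
        for c in cmds:
            m = re.match(r"ip policy route-map (\S+)", c)
            if m:
                # Every VRF selected by the attached map needs ip vrf receive here.
                for vrf in sorted(vrfs_by_map.get(m.group(1), set()) - received):
                    findings.append(("MISSING_VRF_RECEIVE", f"interface {ifname}", vrf))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

The SHADOWED_SET finding matters most in review, because the device accepts the overridden set command without any error and the running configuration then suggests a forwarding path that is never used.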
SUMMARY STEPS
1. show ip access-list [access-list-number | access-list-name]
2. show route-map [map-name]
3. show ip policy
DETAILED STEPS
The output displays the match criteria and set action for each route-map sequence. The output also displays the number
of packets and bytes that have been policy routed per each route-map sequence.
Example:
The following show route-map command displays output from the set ip vrf next-hop command:
Example:
The following show route-map command displays output from the set ip global command:
Example:
The following show ip policy command output displays the interface and associated route map that is configured for
policy routing:
Example:
The following example shows a set ip global command that specifies that the device should use the next hop
address 10.0.0.1 in the global routing table:
Additional References
Related Documents
MPLS and MPLS applications commands Cisco IOS Multiprotocol Label Switching Command Reference
Feature Information for Multi-VRF Selection Using Policy-Based Routing
The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name: IPv6 VRF-Aware PBR Next-hop Enhancement
Releases: 15.2(2)S, Cisco IOS XE Release 3.6S
Feature Information: In Cisco IOS Release 15.2(2)S, this feature was introduced.
In Cisco IOS XE Release 3.6S, this feature was implemented on the Cisco ASR 1000 Series
Aggregation Services Routers.
The following commands were introduced: set ipv6 default next-hop, set ipv6 next-hop (PBR)
Glossary
CE device—customer edge device. A device that is part of a customer network and that interfaces to a provider
edge (PE) device.
Inherit-VRF routing—Packets arriving at a VRF interface are routed by the same outgoing VRF interface.
Inter-VRF routing—Packets arriving at a VRF interface are routed via any other outgoing VRF interface.
IP—Internet Protocol. Network layer protocol in the TCP/IP stack offering a connectionless internetwork
service. IP provides features for addressing, type-of-service specification, fragmentation and reassembly, and
security. Defined in RFC 791.
PBR—policy-based routing. PBR allows a user to manually configure how received packets should be routed.
PE device—provider edge device. A device that is part of a service provider’s network and that is connected
to a CE device. It exchanges routing information with CE devices by using static routing or a routing protocol
such as BGP, RIPv1, or RIPv2.
VPN—Virtual Private Network. A collection of sites sharing a common routing table. A VPN provides a
secure way for customers to share bandwidth over an ISP backbone network.
VRF—A VPN routing and forwarding instance. A VRF consists of an IP routing table, a derived forwarding
table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine
what goes into the forwarding table.
VRF-lite—A feature that enables a service provider to support two or more VPNs, where IP addresses can
be overlapped among the VPNs.
• Label distribution for a given VPN routing and forwarding (VRF) instance on a given device can be
handled by either Border Gateway Protocol (BGP) or Label Distribution Protocol (LDP), but not by both
protocols at the same time.
• Multicast cannot operate on a Layer 3 interface that is configured with the Multi-VRF Support feature.
With the Multi-VRF Support feature, two or more customers can share one CE device, and only one physical
link is used between the CE and the PE devices. The shared CE device maintains separate VRF tables for
each customer and routes packets for each customer based on that customer’s own routing table. The Multi-VRF
Support feature extends limited PE device functionality to a CE device, giving it the ability, through the
maintenance of separate VRF tables, to extend the privacy and security of a VPN to the branch office.
The figure below shows a configuration where each CE device acts as if it were two CE devices. Because the
Multi-VRF Support feature is a Layer 3 feature, each interface associated with a VRF must be a Layer 3
interface.
How Packets Are Forwarded in a Network Using the Multi-VRF Support Feature
Following is the packet-forwarding process in a Multi-VRF customer edge (CE)-enabled network, as illustrated
in the figure above:
• When the CE receives a packet from a Virtual Private Network (VPN), it looks up the routing table based
on the input interface. When a route is found, the CE imposes the Multiprotocol Label Switching (MPLS)
label that it received from the provider edge (PE) for that route and forwards the packet to the PE.
• When the ingress PE receives a packet from the CE, it swaps the incoming label with the corresponding
label stack and sends the packet to the MPLS network.
• When an egress PE receives a packet from the network, it swaps the VPN label with the label that it had
earlier received for the route from the CE, and it forwards the packet to the CE.
• When a CE receives a packet from an egress PE, it uses the incoming label on the packet to forward the
packet to the correct VPN.
To configure Multi-VRF, you create a VRF table and then specify the Layer 3 interface associated with that
VRF. Next, you configure the routing protocols within the VPN, and between the CE and the PE. The Border
Gateway Protocol (BGP) is the preferred routing protocol for distributing VPN routing information across
the provider’s backbone.
The Multi-VRF network has three major components:
• VPN route target communities: These are lists of all other members of a VPN community. You must
configure VPN route targets for each VPN community member.
• Multiprotocol BGP peering of VPN community PE devices: This propagates VRF reachability information
to all members of a VPN community. You must configure BGP peering in all PE devices within a VPN
community.
• VPN forwarding: This transports all traffic between VPN community members across a VPN
service-provider network.
The following are the supported flavors of multicast over VRF on Cisco ASR 920 RSP2 module:
• Multicast with multi-VRF (MPLS VPN/MLDP)
• Multicast with GRE tunnel (MVPN GRE)
• Multicast with VRF-lite
Note Multi-VRF/MVPN GRE configured layer-3 interface cannot participate in more than one VRF at the same
time.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip routing
4. ip vrf vrf-name
5. rd route-distinguisher
6. route-target {export | import | both} route-target-ext-community
7. import map route-map
8. exit
9. interface type slot/subslot/port[.subinterface]
10. ip vrf forwarding vrf-name
11. end
12. show ip vrf
DETAILED STEPS
Device> enable
Device(config)# ip routing
Step 4 ip vrf vrf-name Names the VRF, and enters VRF configuration mode.
Example:
Device(config)# ip vrf v1
Step 6 route-target {export | import | both} route-target-ext-community
Creates a list of import, export, or import and export route target communities for the specified VRF.
Enter either an autonomous system number and an arbitrary number (xxx:y), or an IP address and
an arbitrary number (A.B.C.D:y).
Note This command works only if BGP is running.
Example:
Device(config-vrf)# route-target export 100:1
Device(config-vrf)# exit
Step 9 interface type slot/subslot/port[.subinterface]
Specifies the Layer 3 interface to be associated with the VRF and enters interface configuration mode.
The interface can be a routed port or an .
Example:
Device(config)# interface
Step 10 ip vrf forwarding vrf-name Associates the VRF with the Layer 3 interface.
Example:
When BGP is used as the routing protocol, it can also be used to handle the Multiprotocol Label Switching
(MPLS) label exchange between the PE and CE devices. By contrast, if Open Shortest Path First (OSPF),
Enhanced Interior Gateway Routing Protocol (EIGRP), Routing Information Protocol (RIP), or static routing
is used, the Label Distribution Protocol (LDP) must be used to signal labels.
To configure a BGP PE-to-CE routing session, perform the following steps on the CE and on the PE devices.
SUMMARY STEPS
1. enable
2. configure terminal
3. router bgp autonomous-system-number
4. network ip-address mask network-mask
5. redistribute ospf process-id match internal
6. network ip-address wildcard-mask area area-id
7. address-family ipv4 vrf vrf-name
8. neighbor {ip-address | peer-group-name} remote-as as-number
9. neighbor address activate
DETAILED STEPS
Device> enable
Step 3 router bgp autonomous-system-number
Configures the BGP routing process with the autonomous system number passed to other BGP
devices, and enters router configuration mode.
Example:
Device(config)# router bgp 100
Step 4 network ip-address mask network-mask Specifies a network and mask to announce using BGP.
Example:
Step 5 redistribute ospf process-id match internal Sets the device to redistribute OSPF internal routes.
Example:
Step 6 network ip-address wildcard-mask area area-id Identifies the network address and mask on which OSPF is
running, and the area ID of that network address.
Example:
Step 8 neighbor {ip-address | peer-group-name} remote-as as-number
Informs this device’s BGP neighbor table of the neighbor’s address (or peer group name) and the
neighbor’s autonomous system number.
Example:
Step 9 neighbor address activate Activates the advertisement of the IPv4 address-family
neighbors.
Example:
SUMMARY STEPS
1. enable
2. configure terminal
3. router bgp autonomous-system-number
4. address-family ipv4 vrf vrf-name
5. neighbor address send-label
6. neighbor address activate
7. end
8. configure terminal
9. interface type slot/subslot/port[.subinterface]
10. mpls bgp forwarding
DETAILED STEPS
Device> enable
Step 3 router bgp autonomous-system-number
Configures the BGP routing process with the autonomous system number passed to other BGP
devices and enters router configuration mode.
Example:
Device(config)# router bgp 100
Step 4 address-family ipv4 vrf vrf-name
Identifies the name of the VRF instance that will be associated with the next two commands and
enters address family configuration mode.
Example:
Device(config-router)# address-family ipv4 vrf v12
Step 5 neighbor address send-label
Enables the device to use BGP to distribute MPLS labels along with the IPv4 routes to the peer devices.
If a BGP session is running when you issue this command, the command does not take effect until
the BGP session is restarted.
Example:
Device(config-router-af)# neighbor 10.0.0.3 send-label
Step 6 neighbor address activate Activates the advertisement of the IPv4 address-family
neighbors.
Example:
Device(config-router-af)# end
Step 9 interface type slot/subslot/port[.subinterface]
Enters interface configuration mode for the interface to be used for the BGP session.
The interface can be a routed port or an .
Example:
Device(config)# interface
Note If RIP, EIGRP, OSPF, or static routing is used, the Label Distribution Protocol (LDP) must be used to signal
labels.
The Multi-VRF Support feature is not supported by Interior Gateway Routing Protocol (IGRP) or Intermediate
System-to-Intermediate System (IS-IS).
Multicast cannot be configured on a Layer 3 interface on which the Multi-VRF Support feature is configured.
SUMMARY STEPS
1. enable
2. configure terminal
3. router ospf process-id [vrf vpn-name]
4. log-adjacency-changes
5. redistribute bgp autonomous-system-number subnets
6. network ip-address subnet-mask area area-id
7. end
8. show ip ospf
DETAILED STEPS
Device> enable
Step 3 router ospf process-id [vrf vpn-name]
Enables OSPF routing, specifies a virtual routing and forwarding (VRF) table, and enters router
configuration mode.
Example:
Device(config)# router ospf 100 vrf v1
Device(config-router)# log-adjacency-changes
Step 5 redistribute bgp autonomous-system-number subnets Sets the device to redistribute information from the Border
Gateway Protocol (BGP) network to the OSPF network.
Example:
Step 6 network ip-address subnet-mask area area-id Indicates the network address and mask on which OSPF
runs, and the area ID of that network address.
Example:
Step 8 show ip ospf Displays information about the OSPF routing processes.
Example:
DETAILED STEPS
Device> enable
Step 3 interface type slot/subslot/port[.subinterface]
Enters interface configuration mode for the interface associated with the VRF. The interface can
be a routed port or an .
Example:
Device(config)# interface
Device(config-if)# mpls ip
configure terminal
ip vrf v1
rd 100:1
route-target export 100:1
route-target import 100:1
exit
ip vrf v2
rd 100:2
route-target export 100:2
route-target import 100:2
exit
The following example shows how to configure, on the PE device, PE-to-CE connections using BGP for both
routing and label exchange:
The following example shows how to configure, on the PE device, PE-to-CE connections using OSPF for routing
and LDP for label exchange:
configure terminal
ip routing
ip vrf v11
rd 800:1
route-target export 800:1
route-target import 800:1
exit
ip vrf v12
rd 800:2
route-target export 800:2
route-target import 800:2
exit
interface
ip vrf forwarding v11
ip address 10.0.0.8 255.255.255.0
exit
interface
ip vrf forwarding v12
ip address 10.0.0.8 255.255.255.0
exit
router ospf 1 vrf v11
network 10.0.0.0 255.255.255.0 area 0
network 10.0.0.0 255.255.255.0 area 0
exit
router ospf 2 vrf v12
network 10.0.0.0 255.255.255.0 area 0
network 10.0.0.0 255.255.255.0 area 0
exit
Note If BGP is used for routing between the PE and CE devices, the BGP-learned routes from the PE device can
be redistributed into OSPF using the commands in the following example.
The following example shows how to configure, on CE devices, PE-to-CE connections using BGP for both
routing and label exchange:
The following example shows how to configure, on CE devices, PE-to-CE connections using OSPF for
routing and LDP for label exchange:
Additional References
Related Documents
MPLS and MPLS applications commands Cisco IOS Multiprotocol Label Switching Command Reference
OSPF with Multi-VRF “OSPF Support for Multi-VRF in CE Routers” module in the OSPF Configuration Guide.
Multi-VRF Support The Multi-VRF Support feature allows you to configure and maintain more
than one instance of a routing and forwarding table within the same CE
device.
Network operators might not always be able to summarize type 5 link-state advertisements (LSAs) at the
device level where redistribution occurs, as in the first possibility. Thus, a large number of type 5 LSAs can
be flooded over the domain.
In the second possibility, large type 1 LSAs might be flooded over the domain. The Area Border Router (ABR)
creates type 3 LSAs, one for each type 1 LSA, and floods them to the backbone. You can, however, have
unique summarization at the ABR level, which injects only one summary route into the backbone, thereby
reducing the processing overhead.
Before the introduction of the Default Passive Interfaces feature, you could configure the routing protocol on
all interfaces and manually set the passive-interface router configuration command on interfaces where
adjacencies were not desired. But in some networks, this solution meant configuring 200 or more passive
interfaces. The Default Passive Interfaces feature solved this problem by allowing all interfaces to be set as
passive by default. You can set all interfaces as passive by default by using the passive-interface default
command and then configure individual interfaces where adjacencies are desired using the no passive-interface
command.
The Default Passive Interfaces feature simplifies the configuration of distribution devices and allows the
network administrator to obtain routing information from interfaces in ISPs and large enterprise networks.
SUMMARY STEPS
1. enable
2. configure terminal
3. router eigrp {autonomous-system-number | virtual-instance-number}
4. passive-interface [default] [type number]
5. no passive-interface [default] [type number]
6. network network-address [options]
7. end
DETAILED STEPS
Device> enable
Step 3 router eigrp {autonomous-system-number | virtual-instance-number} Configures an EIGRP process and enters router
configuration mode.
• autonomous-system-number: Autonomous system number that identifies the services to the other EIGRP
address-family devices. It is also used to tag routing information. The range is 1 to 65535.
• virtual-instance-number: EIGRP virtual instance name. This name must be unique among all
address-family router processes on a single device, but need not be unique among devices.
Example:
Device(config)# router eigrp 1
Step 4 passive-interface [default] [type number] Sets all interfaces as passive by default.
Example:
Step 5 no passive-interface [default] [type number] Activates only those interfaces that need adjacencies.
Example:
Device(config-router)# no passive-interface gigabitethernet 0/0/0
Step 6 network network-address [options] Specifies the list of networks to be advertised by routing
protocols.
Example:
Device(config-router)# end
Step 9 show ip interface Verifies whether interfaces you enabled are active.
Example:
Device# show ip interface
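The passive-by-default model described in this task can be checked against a saved configuration with a short audit script. The following Python example is added here and is not part of the Cisco guide; the sample configuration, the allowlist, and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the guide); interface names
# and networks are illustrative only.
SAMPLE_CONFIG = """\
router eigrp 1
 passive-interface default
 no passive-interface gigabitethernet 0/0/0
 network 10.0.0.0
!
router ospf 100 vrf v1
 passive-interface GigabitEthernet0/0/2
 network 172.18.0.0 0.0.255.255 area 0
!
router rip
 passive-interface default
 no passive-interface GigabitEthernet0/0/1
 no passive-interface GigabitEthernet0/0/3
 network 192.168.1.0
!
"""

PASSIVE_RE = re.compile(r"^(no\s+)?passive-interface\s+(\S.*)$")


def normalize(ifname):
    """Compare 'gigabitethernet 0/0/0' and 'GigabitEthernet0/0/0' as equal."""
    return re.sub(r"\s+", "", ifname).lower()


def parse_routing_processes(config_text):
    """Return one dict per 'router ...' block with its passive-interface state."""
    processes, current = [], None
    for raw in config_text.splitlines():
        if raw.startswith("router "):
            current = {"process": raw.strip(), "default_passive": False,
                       "active": [], "passive": []}
            processes.append(current)
            continue
        if not raw.startswith(" "):
            current = None  # any unindented line closes the router block
            continue
        if current is None:
            continue
        m = PASSIVE_RE.match(raw.strip())
        if not m:
            continue
        negated, target = bool(m.group(1)), normalize(m.group(2))
        if target == "default":
            current["default_passive"] = not negated
        elif negated:
            current["active"].append(target)   # adjacency re-enabled here
        else:
            current["passive"].append(target)  # individually silenced
    return processes


def audit(config_text, allowed_adjacency):
    """Flag processes that are not passive by default, and interfaces
    re-enabled with 'no passive-interface' that are not on the allowlist."""
    allowed = {normalize(name) for name in allowed_adjacency}
    findings = []
    for proc in parse_routing_processes(config_text):
        if not proc["default_passive"]:
            findings.append((proc["process"], "not-passive-by-default", None))
            continue
        for ifname in proc["active"]:
            if ifname not in allowed:
                findings.append((proc["process"], "unexpected-adjacency", ifname))
    return findings


if __name__ == "__main__":
    expected = {"GigabitEthernet0/0/0", "GigabitEthernet0/0/1"}
    for process, issue, ifname in audit(SAMPLE_CONFIG, expected):
        print(process, issue, ifname or "")
```

A process flagged as not-passive-by-default can form adjacencies on any interface covered by its network statements, so the allowlist comparison is only meaningful once passive-interface default is in place.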
If you do not want OSPF to run on 172.18.3.0, enter the following commands:
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
routing if you want certain packets to be routed some way other than the obvious shortest path. Possible
applications for policy-based routing are to provide equal access, protocol-sensitive routing, source-sensitive
routing, routing based on interactive versus batch traffic, and routing based on dedicated links. Policy-based
routing is a more flexible mechanism for routing packets than destination routing.
To enable policy-based routing, you must identify which route map to use for policy-based routing and create
the route map. The route map itself specifies the match criteria and the resulting action if all of the match
clauses are met.
To enable policy-based routing on an interface, indicate which route map the device should use by using the
ip policy route-map map-tag command in interface configuration mode. A packet arriving on the specified
interface is subject to policy-based routing. This ip policy route-map command disables fast switching of
all packets arriving on this interface.
To define the route map to be used for policy-based routing, use the route-map map-tag [permit | deny]
[sequence-number] [ordering-seq] [sequence-name] global configuration command.
To define the criteria by which packets are examined to learn if they will be policy-based routed, use either
the match length minimum-length maximum-length command or the match ip address {access-list-number
| access-list-name} [access-list-number | access-list-name] command or both in route map configuration mode.
No match clause in the route map indicates all packets.
To display the cache entries in the policy route cache, use the show ip cache policy command.
Note Mediatrace will show statistics of incorrect interfaces with policy-based routing (PBR) if the PBR does not
interact with CEF or Resource Reservation Protocol (RSVP). Hence, configure PBR to interact with CEF or
RSVP directly so that mediatrace collects statistics only on tunnel interfaces and not physical interfaces.
Number Name
0 routine
1 priority
2 immediate
3 flash
4 flash-override
5 critical
6 internet
7 network
The set commands can be used with each other. They are evaluated in the order shown in the previous table.
A usable next hop implies an interface. Once the local device finds a next hop and a usable interface, it routes
the packet.
Note Unlike UDP or other IP traffic, TCP traffic between a Cisco IOS or Cisco IOS-XE device and a remote host
cannot be controlled using a local IP policy if the Cisco device does not have an entry for the remote host IP
in the Routing Information Base (RIB) (routing table) and Forwarding Information Base (FIB) (for Cisco
Express Forwarding). The RIB or FIB entry need not be the same path as the one being
set by PBR. In the absence of this entry, TCP does not detect a valid path to the destination and TCP traffic
fails. However, UDP or ICMP traffic continues to be routed as per the local policy.
Use the show ip local policy command to display the route map used for local policy routing, if one exists.
• match length
• match ip address
8. end
DETAILED STEPS
Device> enable
Step 3 interface type number Configures an interface type and enters interface
configuration mode.
Example:
Step 4 ip policy route-map map-tag Identifies a route map to use for policy routing on an
interface.
Example:
Device(config-if)# exit
Step 6 route-map map-tag [permit | deny] [sequence-number] [ Configures a route map and specifies how the packets are
to be distributed.
• map-tag: A meaningful name for the route map.
Example:
Step 7 Enter one or both of the following commands: Define the criteria by which packets are examined to learn
if they will be policy-based routed.
• match length
• match ip address
Example:
Device(config-route-map)# end
DETAILED STEPS
Step 4 match security-group source tag sgt-number Configures the value for security-group source security tag.
Example:
Device(config-route-map)# match security-group source tag 100
Step 5 set ip next-hop ip-address Specifies the next hop for routing packets.
Example:
Device(config-route-map)# set ip next-hop 71.71.71.6
Step 6 match security-group destination tag sgt-number Configures the value for security-group destination security
tag.
Example:
Device(config-route-map)# match security-group destination tag 150
Step 7 set ip next-hop ip-address Specifies the next hop for routing packets.
Example:
Device(config-route-map)# set ip next-hop 72.72.72.6
DETAILED STEPS
Step 3 interface type slot/subslot/port[.subinterface-number] Specifies the interface information and enters interface
configuration mode.
Example:
Device(config)# interface gigabitEthernet0/0/0
Step 4 ip policy route-map map-tag Assigns the route-map configured in the previous task to
the interface.
Example:
Device(config-if)# ip policy route-map policy_security
DETAILED STEPS
Step 1 enable
Example:
Device> enable
Match clauses:
security-group source tag 100 111
Set clauses:
ip next-hop 71.71.71.6
Policy routing matches: 0 packets, 0 bytes
route-map test, permit, sequence 20
Match clauses:
security-group destination tag 200 222
Set clauses:
ip next-hop 72.72.72.6
Policy routing matches: 0 packets, 0 bytes
Cisco IOS IP Routing Protocol Independent commands: Cisco IOS IP Routing Protocol Independent Command Reference
SGT Based PBR This feature is supported on Cisco 4000 Series ISRs.
SGT Based PBR The SGT Based PBR feature supports classification of packets based on Security
Group Tag (SGT) for grouping the traffic into roles to match the defined policies
in PBR.
The following commands were introduced or modified: interface, ip policy
route-map, match security-group destination tag, match security-group
source tag, route-map, show ip policy, show route-map, show route-map
dynamic, show platform hardware qfp active classification
class-group-manager class-group client pbr, show platform hardware qfp
active classification feature-manager class-group tcam pbr global details,
match security-group source tag, show platform hardware qfp active feature
pbr class-group, show platform software pbr fp interface all, show platform
software pbr rp ac statistics, show platform software route-map fp active
map, show platform software route-map rp active map.
• The SGT Based QoS feature does not support combining match application or match protocol criteria
with the match sgt criteria within a policy.
DETAILED STEPS
Step 3 class-map class-map-name Specifies the class-map and enters class-map configuration
mode.
Example:
Step 4 match security-group source tag sgt-number Configures the value for security-group source security tag.
Example:
Device(config-cmap)# match security-group source tag 1000
Step 5 match security-group destination tag dgt-number Configures the value for security-group destination security
tag.
Example:
Device(config-cmap)# match security-group destination tag 2000
DETAILED STEPS
Step 4 class class-map-name Specifies the class and enters class configuration mode.
Example:
Device(config-pmap)# class c1
Step 5 bandwidth percent number Configures the value for bandwidth percent.
Example:
Device(config-pmap-c)# bandwidth percent 20
Step 6 set dscp codepoint value Configures the Differentiated Services Code Point (DSCP)
value.
Example:
Device(config-pmap-c)# set dscp ef
Step 8 interface type slot/subslot/port[.subinterface-number] Specifies the interface information and enters interface
configuration mode.
Example:
Device(config)# interface gigabitEthernet0/0/0.1
Step 9 service-policy {input | output} policy-map-name Assigns policy-map to the input of an interface.
Example:
Device(config-if)# service-policy input p1
DETAILED STEPS
Step 1 enable
Example:
Device> enable
Cisco IOS IP Routing Protocol Independent commands: Cisco IOS IP Routing Protocol Independent Command Reference
SGT Based QoS The SGT Based QoS feature supports classification of packets based on Security
Group Tag (SGT) for grouping the traffic into user groups and devices to match
the defined QoS policies.
The following commands were introduced or modified: debug cpl provisioning,
class-map match security-group destination tag, match security-group source
tag, show class-map.
To enable policy-based routing, you must identify which route map to use for policy-based routing and create
the route map. The route map itself specifies the match criteria and the resulting action if all of the match
clauses are met.
To enable policy-based routing on an interface, indicate which route map the device should use by using the
ip policy route-map map-tag command in interface configuration mode. A packet arriving on the specified
interface is subject to policy-based routing. This ip policy route-map command disables fast switching of
all packets arriving on this interface.
To define the route map to be used for policy-based routing, use the route-map map-tag [permit | deny]
[sequence-number] [ordering-seq] [sequence-name] global configuration command.
To define the criteria by which packets are examined to learn if they will be policy-based routed, use either
the match length minimum-length maximum-length command or the match ip address {access-list-number
| access-list-name} [access-list-number | access-list-name] command or both in route map configuration mode.
No match clause in the route map indicates all packets.
To display the cache entries in the policy route cache, use the show ip cache policy command.
Note Mediatrace will show statistics of incorrect interfaces with policy-based routing (PBR) if the PBR does not
interact with CEF or Resource Reservation Protocol (RSVP). Hence, configure PBR to interact with CEF or
RSVP directly so that mediatrace collects statistics only on tunnel interfaces and not physical interfaces.
Number Name
0 routine
1 priority
2 immediate
3 flash
4 flash-override
5 critical
6 internet
7 network
The set commands can be used with each other. They are evaluated in the order shown in the previous table.
A usable next hop implies an interface. Once the local device finds a next hop and a usable interface, it routes
the packet.
Note The set ip next-hop and set ip default next-hop commands are similar but have a different order of operation.
Configuring the set ip next-hop command causes the system to first use policy routing and then use the routing
table. Configuring the set ip default next-hop command causes the system to first use the routing table and
then the policy-route-specified next hop.
SUMMARY STEPS
1. enable
2. configure terminal
3. route-map map-tag [permit | deny] [sequence-number] [
4. set ip precedence {number | name}
5. set ip next-hop ip-address [ip-address]
6. set interface type number [...type number]
7. set ip default next-hop ip-address [ip-address]
8. set default interface type number [...type number]
9. end
DETAILED STEPS
Device> enable
Step 3 route-map map-tag [permit | deny] [sequence-number] [ Configures a route map and specifies how the packets are
to be distributed.
Example:
Step 4 set ip precedence {number | name} Sets the precedence value in the IP header.
Note You can specify either a precedence number or a precedence name.
Example:
Device(config-route-map)# set ip precedence 5
Step 5 set ip next-hop ip-address [ip-address] Specifies the next hop for routing packets.
Note The next hop must be an adjacent device.
Example:
Step 6 set interface type number [...type number] Specifies the output interface for the packet.
Example:
Step 7 set ip default next-hop ip-address [ip-address] Specifies the next hop for routing packets if there is no
explicit route for this destination.
Note Like the set ip next-hop command, the set ip default next-hop command must specify an
adjacent device.
Example:
Device(config-route-map)# set ip default next-hop 172.16.6.6
Step 8 set default interface type number [...type number] Specifies the output interface for the packet if there is no
explicit route for the destination.
Example:
Device(config-route-map)# end
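The order of operation described in the note before this task can be made concrete with a small model. This Python example is added here and is not taken from the guide; it models only set ip next-hop and set ip default next-hop, and it assumes that a non-adjacent next hop is skipped and that the default route (0.0.0.0/0) does not count as an explicit route. The routing table, adjacency set, and names are constructed.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RouteMapEntry:
    """Only the two set clauses compared in the note are modelled."""
    next_hops: list = field(default_factory=list)          # set ip next-hop
    default_next_hops: list = field(default_factory=list)  # set ip default next-hop


def lookup(rib, dst, include_default):
    """Longest-prefix match over rib, a dict of {prefix: next_hop}."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in rib.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not include_default:
            continue  # assumption: the default route is not an explicit route
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def select_next_hop(dst, entry, rib, adjacent):
    """Return (source_of_decision, next_hop) for a packet that matched entry."""
    # 1. set ip next-hop: policy routing is used first, then the routing table.
    for nh in entry.next_hops:
        if nh in adjacent:  # the next hop must be an adjacent device
            return ("set ip next-hop", nh)
    # 2. Routing table, explicit routes only.
    nh = lookup(rib, dst, include_default=False)
    if nh is not None:
        return ("routing table", nh)
    # 3. set ip default next-hop: used only when no explicit route exists.
    for nh in entry.default_next_hops:
        if nh in adjacent:
            return ("set ip default next-hop", nh)
    # 4. Nothing in the policy applied: fall back to the default route, if any.
    nh = lookup(rib, dst, include_default=True)
    if nh is not None:
        return ("default route", nh)
    return ("drop", None)


# Constructed sample data. 172.16.6.6 is the next hop used in the Step 7 example.
RIB = {"10.1.0.0/16": "192.0.2.1", "0.0.0.0/0": "192.0.2.254"}
ADJACENT = {"172.16.6.6", "192.0.2.1", "192.0.2.254"}

FORCE = RouteMapEntry(next_hops=["172.16.6.6"])
FALLBACK = RouteMapEntry(default_next_hops=["172.16.6.6"])

if __name__ == "__main__":
    for name, entry in (("set ip next-hop", FORCE),
                        ("set ip default next-hop", FALLBACK)):
        for dst in ("10.1.2.3", "198.51.100.7"):
            print(name, dst, select_next_hop(dst, entry, RIB, ADJACENT))
```

With set ip next-hop the packet to 10.1.2.3 leaves through 172.16.6.6 even though an explicit route exists; with set ip default next-hop the same packet follows the routing table and only destinations without an explicit route are redirected.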
Table 17: Feature Information for Policy-Based Routing Default Next-Hop Routes
DETAILED STEPS
Step 5 route-target export route-target-ext-community Creates a route-target extended community for a VRF and
exports routing information from the target VPN extended community. The route-target-ext-community argument is
either an AS number or an IP address.
Example:
Device(config-vrf)# route-target export 100:1
Step 6 route-target import route-target-ext-community Creates a route-target extended community for a VRF and
imports routing information from the target VPN extended community. The route-target-ext-community argument is
either an AS number or an IP address.
Example:
Device(config-vrf)# route-target import 100:1
Step 11 exit Exits ICMP echo configuration mode and returns to global
configuration mode.
Example:
Device(config-ip-sla-echo)# exit
Step 12 ip sla schedule operation-number life forever start-time now Configures the scheduling parameters for a single Cisco
IOS IP SLAs operation.
Example:
Device(config)# ip sla schedule 1 life forever start-time now
Step 13 track object-number ip sla operation-number Tracks the state of a Cisco IOS IP SLAs operation and
enters tracking configuration mode.
Example:
Step 14 interface type number Specifies the interface type and number and enters interface
configuration mode.
Example:
Device(config-track)# interface Ethernet1/0
Step 16 ip address ip-address subnet-mask Specifies the IP address and subnet mask for the interface.
Example:
Device(config-if)# ip address 10.0.0.2 255.0.0.0
Step 18 route-map map-tag [permit | deny] [sequence-number] [ Configures a route map and specifies how the packets are
to be distributed.
Example:
Step 19 set ip vrf vrf-name next-hop verify-availability next-hop-address sequence track object Configures policy routing
to verify the reachability of the next hop of a route map before the router performs policy
routing to that next hop.
Example:
Device(config-route-map)# set ip vrf RED next-hop verify-availability 192.168.23.2 1 track 1
Step 21 interface type number Specifies the interface type and number and enters interface
configuration mode.
Example:
Device(config)# interface Ethernet0/0
Step 23 ip policy route-map map-tag Identifies a route map to use for policy routing on an
interface.
Example:
Device(config-if)# ip policy route-map test02
DETAILED STEPS
Step 5 route-target export route-target-ext-community Creates a route-target extended community for a VRF and
exports routing information from the target VPN extended community. The route-target-ext-community argument is
either an AS number or an IP address.
Example:
Device(config-vrf)# route-target export 100:1
Step 6 route-target import route-target-ext-community Creates a route-target extended community for a VRF and
imports routing information from the target VPN extended community. The route-target-ext-community argument is
either an AS number or an IP address.
Example:
Device(config-vrf)# route-target import 100:1
Step 11 exit Exits ICMP echo configuration mode and returns to global
configuration mode.
Example:
Step 12 ip sla schedule operation-number life forever start-time now Configures the scheduling parameters for a single Cisco
IOS IP SLAs operation.
Example:
Device(config)# ip sla schedule 1 life forever start-time now
Step 13 track object-number ip sla operation-number Tracks the state of a Cisco IOS IP SLAs operation and
enters tracking configuration mode.
Example:
Device(config)# track 1 ip sla 1
Step 14 interface type number Specifies the interface type and number and enters interface
configuration mode.
Example:
Device(config-track)# interface Ethernet1/0
Step 16 ip address ip-address subnet-mask Specifies the IP address and subnet mask for the interface.
Example:
Device(config-if)# ip address 10.0.0.2 255.0.0.0
Step 19 route-map map-tag [permit | deny] [sequence-number] [ Configures a route map and specifies how the packets are
to be distributed.
Example:
Step 20 set ipv6 vrf vrf-name next-hop verify-availability next-hop-address sequence track object Configures policy routing
to verify the reachability of the next hop of a route map before the router performs policy
routing to that next hop.
Example:
Device(config-route-map)# set ipv6 vrf RED next-hop verify-availability 2001:DB8:1::1 1 track 1
Step 22 interface type number Specifies the interface type and number and enters interface
configuration mode.
Example:
Device(config)# interface Ethernet0/0
Step 24 ipv6 policy route-map map-tag Identifies a route map to use for policy routing on an
interface.
Example:
Device(config-if)# ipv6 policy route-map test02
Step 25 ip address ip-address subnet-mask Specifies the IP address and subnet mask for the interface.
Example:
Device(config-if)# ip address 192.168.10.2 255.255.255.0
DETAILED STEPS
Step 5 route-target export route-target-ext-community Creates a route-target extended community for a VRF and
exports routing information from the target VPN extended community. The route-target-ext-community argument is
either an AS number or an IP address.
Example:
Device(config-vrf)# route-target export 800:1
Step 9 route-target export route-target-ext-community Creates a route-target extended community for a VRF and
exports routing information from the target VPN extended community. The route-target-ext-community argument is
either an AS number or an IP address.
Example:
Device(config-vrf)# route-target export 900:1
Step 10 interface type number Specifies the interface type and number and enters interface
configuration mode.
Example:
Device(config-vrf)# interface Ethernet0/0
Step 12 ip address ip-address subnet-mask Specifies the IP address and subnet mask for the interface.
Example:
Device(config-if)# ip address 192.168.10.2 255.255.255.0
Step 13 ip policy route-map map-tag Identifies a route map to use for policy routing on an
interface.
Example:
Device(config-if)# ip policy route-map test00
Step 14 interface type number Specifies the interface type and number.
Example:
Device(config-if)# interface Ethernet0/1
Step 16 ip address ip-address subnet-mask Specifies the IP address and subnet mask for the interface.
Example:
Device(config-if)# ip address 192.168.21.1 255.255.255.0
Step 18 ip route vrf vrf-name prefix mask interface-type interface-number ip-address Establishes static routes.
Example:
Step 19 ip route vrf vrf-name prefix mask ip-address Establishes static routes.
Example:
Device(config)# ip route vrf BLUE 192.168.23.0 255.255.255.0 192.168.21.2
Step 21 route-map map-tag [permit | deny] [sequence-number] [ sequence-name Configures a route map and specifies how the
packets are to be distributed.
Example:
Step 22 match interface interface-type interface-number Distributes any routes that have their next hop as one of
the specified interfaces.
Example:
Device(config-route-map)# match interface Ethernet0/0
Step 23 set ip vrf vrf-name next-hop verify-availability next-hop-address sequence track object Configures policy routing
to verify the reachability of the next hop of a route map of a VRF instance before the router
performs policy routing to that next hop.
Example:
Device(config-route-map)# set ip vrf BLUE next-hop verify-availability 192.168.23.2 1 track 1
Example: Configuring PBR Next-Hop Verify Availability for Inherited IPv6 VRF
Device> enable
Device# configure terminal
Device(config)# ip vrf RED
Device(config-vrf)# rd 100:1
Device(config-vrf)# route-target export 100:1
Device(config-vrf)# route-target import 100:1
Device(config-vrf)# exit
Device(config)# ip sla 1
Device(config-ip-sla)# icmp-echo 10.0.0.4
Device(config-ip-sla-echo)# vrf RED
Device(config-ip-sla-echo)# exit
Device(config)# ip sla schedule 1 life forever start-time now
Device(config)# track 1 ip sla 1
Device(config-track)# interface Ethernet0/0
Device(config-if)# ip vrf forwarding RED
Device(config-if)# ip policy route-map test02
Device(config-if)# ip address 192.168.10.2 255.255.255.0
Device(config-if)# ipv6 address 2001:DB8::/32
Device(config-if)# interface Ethernet1/0
Device(config-if)# ip vrf forwarding RED
Device(config-if)# ip address 10.0.0.2 255.0.0.0
Device(config-if)# ipv6 address 2001:DB8::/48
Device(config-if)# exit
Device(config)# route-map test02 permit 10
Device(config-route-map)# set ipv6 vrf RED next-hop verify-availability 2001:DB8:1::1 1 track 1
Device(config-route-map)# end
Technical Assistance
Description: The Cisco Support website provides extensive online resources, including
documentation and tools for troubleshooting and resolving technical issues
with Cisco products and technologies.
To receive security and technical information about your products, you can
subscribe to various services, such as the Product Alert Tool (accessed from
Field Notices), the Cisco Technical Services Newsletter, and Really Simple
Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user
ID and password.
Link: http://www.cisco.com/support
• Configure the BGP community list, BGP autonomous system path, or access list and enable the policy
on an interface.
• Enable committed access rate (CAR) or Weighted Random Early Detection (WRED) to use the policy.
DETAILED STEPS
Device> enable
Step 3 route-map map-tag [permit | deny] [sequence-number] [ Configures a route map and specifies how the packets are
to be distributed.
Example:
Step 4 match community {standard-list-number | expanded-list-number | community-list-name [exact]} Matches a Border
Gateway Protocol (BGP) community list.
Example:
Step 5 set ip precedence [number | name] Sets the IP Precedence field when the community list
matches.
Note You can specify either a precedence number or a precedence name.
Example:
Device(config-route-map)# set ip precedence 5
Device(config-route-map)# exit
Step 7 router bgp autonomous-system Enables a BGP process and enters router configuration
mode.
Example:
Step 8 table-map route-map-name Modifies the metric and tag values when the IP routing
table is updated with BGP learned routes.
Example:
Device(config-router)# exit
Step 10 ip community-list standard-list-number {permit | deny} [community-number] Creates a community list for BGP and
controls access to it.
Example:
Step 11 interface type number Specifies the interface (or subinterface) and enters interface
configuration mode.
Example:
Device(config-if)# exit
Device(config)# end
Configuring QoS Policy Propagation via BGP Based on the Autonomous System
Path Attribute
SUMMARY STEPS
1. enable
2. configure terminal
3. named-ordering-route-map enable
4. route-map map-tag [permit | deny] [sequence-number] [ordering-seq sequence-name]
5. match as-path path-list-number
6. set ip precedence [number | name]
7. exit
8. router bgp autonomous-system
9. table-map route-map-name
10. exit
11. ip as-path access-list access-list-number {permit | deny} as-regular-expression
12. interface type number
DETAILED STEPS
Device> enable
Step 4 route-map map-tag [permit | deny] [sequence-number] [ordering-seq sequence-name] Configures a route map and
specifies how the packets are to be distributed. ordering-seq indicates the sequence that
is to be used for ordering of route-maps.
Example:
Step 5 match as-path path-list-number Matches a Border Gateway Protocol (BGP) autonomous
system path access list.
Example:
Device(config-route-map)# match as-path 2
Step 6 set ip precedence [number | name] Sets the IP Precedence field when the autonomous-system
path matches.
Note You can specify either a precedence number or a precedence name.
Example:
Device(config-route-map)# set ip precedence 5
Step 8 router bgp autonomous-system Enables a BGP process and enters router configuration
mode.
Example:
Device(config)# router bgp 45000
Step 9 table-map route-map-name Modifies the metric and tag values when the IP routing
table is updated with BGP learned routes.
Example:
Step 11 ip as-path access-list access-list-number {permit | deny} as-regular-expression Defines an autonomous system
path access list.
Example:
Device(config)# ip as-path access-list 500 permit 45000
Step 12 interface type number Specifies the interface (or subinterface) and enters interface
configuration mode.
Example:
Device(config)# interface gigabitethernet 0/0/0
DETAILED STEPS
Device> enable
Step 4 route-map map-tag [permit | deny] [sequence-number] [ordering-seq sequence-name] Configures a route map and
specifies how the packets are to be distributed. ordering-seq indicates the sequence that
is to be used for ordering of route-maps.
Example:
Step 6 set ip precedence [number | name] Sets the IP precedence field when the autonomous system
path matches.
Example:
Device(config-route-map)# set ip precedence routine
Step 8 router bgp autonomous-system Enables a Border Gateway Protocol (BGP) process and
enters router configuration mode.
Example:
Device(config)# router bgp 45000
Step 9 table-map route-map-name Modifies the metric and tag values when the IP routing
table is updated with BGP learned routes.
Example:
Device(config-router)# table-map rm1
Step 12 interface type number Specifies the interface (or subinterface) and enters
interface configuration mode.
Example:
Device(config)# interface gigabitethernet 0/0/0
Device A Configuration
match community 2
set ip precedence immediate
!
! Match community 3 and set the IP precedence to flash
route-map precedence-map permit 30
match community 3
set ip precedence flash
!
! Match community 4 and set the IP precedence to flash-override
route-map precedence-map permit 40
match community 4
set ip precedence flash-override
!
! Match community 5 and set the IP precedence to critical
route-map precedence-map permit 50
match community 5
set ip precedence critical
!
! Match community 6 and set the IP precedence to internet
route-map precedence-map permit 60
match community 6
set ip precedence internet
!
! Match community 7 and set the IP precedence to network
route-map precedence-map permit 70
match community 7
set ip precedence network
!
! Match ip address access list 69 or match autonomous system path 1
! and set the IP precedence to critical
route-map precedence-map permit 75
match ip address 69
match as-path 1
set ip precedence critical
!
! For everything else, set the IP precedence to routine
route-map precedence-map permit 80
set ip precedence routine
!
! Define community lists
ip community-list 1 permit 60:1
ip community-list 2 permit 60:2
ip community-list 3 permit 60:3
ip community-list 4 permit 60:4
ip community-list 5 permit 60:5
ip community-list 6 permit 60:6
ip community-list 7 permit 60:7
!
! Define the AS path
ip as-path access-list 1 permit ^10_60
!
! Define the access list
access-list 69 permit 10.69.0.0
Device B Configuration
router bgp 10
neighbor 10.30.30.1 remote-as 30
neighbor 10.30.30.1 send-community
neighbor 10.30.30.1 route-map send_community out
!
ip bgp-community new-format
!
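Because precedence is assigned from whatever the AS-path access list permits, it is worth checking exactly which paths an expression such as ^10_60 (Device A) or 45000 (the Step 11 example) accepts. The following Python example is added here and is not part of the Cisco guide; it translates the "_" metacharacter into a Python regular expression and evaluates an access list with first-match and implicit-deny semantics. The AS paths, the anchored variants, and the function names are constructed.

```python
import re

# What "_" matches in an AS-path regular expression: start or end of the
# string, a space, a comma, a brace, or a parenthesis.
DELIMITER = r"(?:^|$|[ ,{}()])"


def cisco_to_python(pattern):
    """Translate an AS-path expression, expanding '_' outside [...] sets."""
    out = []
    in_set = False
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])  # keep escaped characters as they are
            i += 2
            continue
        if in_set:
            if ch == "]":
                in_set = False
            out.append(ch)
        elif ch == "[":
            in_set = True
            out.append(ch)
        elif ch == "_":
            out.append(DELIMITER)
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def as_path_acl(entries, as_path):
    """First matching entry decides; no match at all is an implicit deny."""
    for action, pattern in entries:
        if re.search(cisco_to_python(pattern), as_path):
            return action
    return "deny"


def classify(entries, as_paths):
    """Map each AS path (space-separated AS numbers) to permit or deny."""
    return {path: as_path_acl(entries, path) for path in as_paths}


# Expressions taken from the page.
ACL_1 = [("permit", "^10_60")]      # Device A: ip as-path access-list 1
ACL_500 = [("permit", "45000")]     # Step 11 example
# Constructed variants with a trailing or surrounding delimiter.
ACL_1_ANCHORED = [("permit", "^10_60_")]
ACL_500_ANCHORED = [("permit", "_45000_")]

# Constructed AS paths.
SAMPLE_PATHS = ["10 60", "10 60 300", "10 600", "110 60", "20 10 60",
                "45000", "10 45000 7", "10 145000"]

if __name__ == "__main__":
    for name, acl in (("^10_60", ACL_1), ("^10_60_", ACL_1_ANCHORED),
                      ("45000", ACL_500), ("_45000_", ACL_500_ANCHORED)):
        permitted = [p for p, a in classify(acl, SAMPLE_PATHS).items()
                     if a == "permit"]
        print(f"{name:10} permits {permitted}")
```

The unanchored forms also permit "10 600" and "10 145000", so an expression meant for one autonomous system can classify routes from others; adding the delimiter on both sides of each AS number restricts the match to that number.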
Table 18: Feature Information for QoS Policy Propagation via BGP
QoS Policy Propagation via BGP
The QoS Policy Propagation via BGP feature allows you to classify packets by IP precedence based on
Border Gateway Protocol (BGP) community lists, BGP autonomous system paths, and access lists. After
a packet has been classified, you can use other quality of service (QoS) features such as committed
access rate (CAR) and Weighted Random Early Detection (WRED) to specify and enforce policies to
fit your business model.
• Distributed Forwarding Information Base (FIB)-based policy routing is available only on platforms that
support distributed Cisco Express Forwarding.
• The set ip next-hop verify-availability command is not supported in distributed Cisco Express Forwarding
because distributed Cisco Express Forwarding does not support the Cisco Discovery Protocol (formerly
known as CDP) database.
NPR is the default policy routing mode. No additional configuration tasks are required to enable policy routing
with Cisco Express Forwarding, distributed Cisco Express Forwarding, or NetFlow. As soon as one of these
features is turned on, packets are automatically subjected to policy routing in the appropriate switching path.
The following example shows how to configure policy routing with Cisco Express Forwarding. The route is
configured to verify that the next hop 10.0.0.8 of the route map named test is a Cisco Discovery Protocol
neighbor before the device tries to policy-route to it.
Device(config)# ip cef
Device(config)# interface GigabitEthernet 0/0/1
Device(config-if)# ip route-cache flow
Device(config-if)# ip policy route-map test
Device(config-if)# exit
Device(config)# route-map test permit 10
Device(config-route-map)# match ip address 1
Device(config-route-map)# set ip precedence priority
Device(config-route-map)# set ip next-hop 10.0.0.8
Device(config-route-map)# set ip next-hop verify-availability
Device(config-route-map)# exit
Device(config)# route-map test permit 20
Device(config-route-map)# match ip address 101
Next-Hop Reachability
You can use the set ip next-hop verify-availability command to configure policy routing to verify the
reachability of the next hop of a route map before the device performs policy routing to that next hop. This
command has the following restrictions:
• It can cause performance degradation.
• Cisco Discovery Protocol must be enabled on the interface.
• The directly connected next hop must be a Cisco Discovery Protocol-enabled Cisco device.
• It does not work with distributed Cisco Express Forwarding configurations.
If a device is policy routing packets to the next hop and the next hop happens to be down, the device tries
unsuccessfully to use the Address Resolution Protocol (ARP). This behavior can continue indefinitely. You
can prevent this behavior by configuring the set ip next-hop verify-availability command on the device. This
command first verifies (using a route map) whether the next hop is a Cisco Discovery Protocol neighbor of
the device before routing packets to that next hop. However, if you configure this command on a device whose
next hop is not a Cisco Discovery Protocol neighbor, the device looks at the subsequent next hop, if there is
one. If there is no available next hop, packets are not policy-routed. This configuration is optional because
some media or encapsulations do not support Cisco Discovery Protocol.
If the set ip next-hop verify-availability command is not configured, packets are either policy-routed or
remain forever unrouted.
If you want to verify the availability of only some next hops, you can configure different route-map entries
(under the same route-map name) with different criteria (using access-list matching or packet-size matching),
and use the set ip next-hop verify-availability configuration command selectively.
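When verification is applied selectively, it helps to see which route-map entries set a next hop without it. The following added example (not from the Cisco guide) parses a running-config excerpt and lists those entries. The sample configuration is constructed: entry 10 mirrors the example above, entry 20 (match length 0 200, next hops 10.0.0.9 and 10.0.0.10) is hypothetical, and the function names are this example's own.

```python
import re

# Constructed excerpt: entry 10 is the page's example, entry 20 is made up.
SAMPLE_CONFIG = """\
route-map test permit 10
 match ip address 1
 set ip precedence priority
 set ip next-hop 10.0.0.8
 set ip next-hop verify-availability
!
route-map test permit 20
 match length 0 200
 set ip next-hop 10.0.0.9 10.0.0.10
"""

ENTRY_RE = re.compile(r"^route-map (\S+) (?:permit|deny) (\d+)\s*$")
NEXT_HOP_RE = re.compile(r"^set ip next-hop ((?:\d{1,3}(?:\.\d{1,3}){3}\s*)+)$")


def parse_route_maps(config):
    """Return one dict per route-map entry: name, seq, next hops, verify flag."""
    entries, current = [], None
    for raw in config.splitlines():
        header = ENTRY_RE.match(raw)
        if header:
            current = {"name": header.group(1), "seq": int(header.group(2)),
                       "next_hops": [], "verify": False}
            entries.append(current)
        elif current is not None and raw.startswith(" "):
            line = raw.strip()
            hop = NEXT_HOP_RE.match(line)
            if hop:
                current["next_hops"] += hop.group(1).split()
            elif line == "set ip next-hop verify-availability":
                current["verify"] = True
        else:
            current = None  # "!" or a new top-level command ends the entry
    return entries


def unverified_next_hops(config):
    """Entries that set a next hop but never check it is a CDP neighbor."""
    return [(e["name"], e["seq"], e["next_hops"])
            for e in parse_route_maps(config)
            if e["next_hops"] and not e["verify"]]


if __name__ == "__main__":
    print(unverified_next_hops(SAMPLE_CONFIG))
```

An entry reported here is not necessarily wrong, since the command carries the restrictions listed above; the output is a list of next hops to review.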
SUMMARY STEPS
1. enable
2. configure terminal
3. vrf definition vrf-name
4. rd route-distinguisher
5. address-family {ipv4 | ipv6}
6. exit
7. exit
8. ip route [vrf vrf-name] prefix mask ip-address
9. ip route static install-routes-recurse-via-nexthop [vrf vrf-name]
10. end
11. show running-config | include install
12. show ip route vrf vrf-name
DETAILED STEPS
Step 3 vrf definition vrf-name
Creates a virtual routing and forwarding (VRF) routing table instance and enters VRF configuration mode.
Example:
Device(config)# vrf definition vrf1
Step 5 address-family {ipv4 | ipv6}
Enters VRF address family configuration mode to specify an IPv4 or IPv6 address family for a VRF.
Example:
Device(config-vrf)# address-family ipv4
Step 8 ip route [vrf vrf-name] prefix mask ip-address
Configures a static route for a specific VRF instance.
Example:
Device(config)# ip route vrf vrf1 10.0.2.0 255.255.255.0 10.0.1.1
Step 9 ip route static install-routes-recurse-via-nexthop [vrf vrf-name]
Enables recursive static routes to be installed in the RIB of a specific VRF instance.
Example:
Device(config)# ip route static install-routes-recurse-via-nexthop vrf vrf1
Step 11 show running-config | include install
Displays all recursive static route configurations.
Example:
Device# show running-config | inc install
Step 12 show ip route vrf vrf-name
Displays the IP routing table associated with a specific VRF.
Example:
Device# show ip route vrf vrf1
SUMMARY STEPS
1. enable
2. configure terminal
3. vrf definition vrf-name
4. rd route-distinguisher
5. address-family {ipv4 | ipv6}
6. exit
7. exit
8. ip route [vrf vrf-name] prefix mask ip-address
9. access-list access-list-number permit source [source-wildcard]
10. route-map map-tag
11. match ip address access-list-number
12. exit
13. ip route static install-routes-recurse-via-nexthop [vrf vrf-name] [route-map map-name]
14. end
15. show running-config | include install
16. show ip route vrf vrf-name
DETAILED STEPS
Step 3 vrf definition vrf-name
Creates a virtual routing and forwarding (VRF) routing table instance and enters VRF configuration mode.
Example:
Device(config)# vrf definition vrf1
Step 5 address-family {ipv4 | ipv6}
Enters VRF address family configuration mode to specify an IPv4 or an IPv6 address-family type for a VRF.
Example:
Device(config-vrf)# address-family ipv4
Step 8 ip route [vrf vrf-name] prefix mask ip-address
Configures a static route for a specific VRF instance.
Example:
Device(config)# ip route vrf vrf1 10.0.2.0 255.255.255.0 10.0.1.1
Step 9 access-list access-list-number permit source [source-wildcard]
Defines a standard access list permitting addresses that need to be translated.
Example:
Device(config)# access-list 10 permit 10.0.2.0 0.0.0.255
Step 10 route-map map-tag
Defines a route map to control route redistribution and enters route-map configuration mode.
Example:
Device(config)# route-map map1
Step 11 match ip address access-list-number
Matches routes that have a destination network address that is permitted by a standard or extended access list.
Example:
Device(config-route-map)# match ip address 10
Step 13 ip route static install-routes-recurse-via-nexthop [vrf vrf-name] [route-map map-name]
Enables installation of recursive static routes defined by a route map into the RIB of a specific VRF.
Example:
Device(config)# ip route static install-routes-recurse-via-nexthop vrf vrf1 route-map map1
Step 15 show running-config | include install
Displays all recursive static route configurations.
Example:
Device# show running-config | inc install
Step 16 show ip route vrf vrf-name
Displays the IP routing table associated with a specific VRF.
Example:
Device# show ip route vrf vrf1
In the example above, route 10.0.2.0 255.255.255.0 10.0.1.1 will be installed in the RIB, but the
route 10.0.3.0 255.255.255.0 10.0.1.1 will not be installed in the RIB because this route does not
match the network defined in the route map.
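Which static routes pass the route map depends on how the standard access list's wildcard mask is read. The following added sketch (not Cisco code) models only the ACL test on each route's destination network, using the two routes named above; the function names are hypothetical, and it assumes the route map matches the destination network address against the access list.

```python
import ipaddress


def acl_permits(address, source, wildcard="0.0.0.0"):
    """Standard ACL test: bits set in the wildcard are ignored, the rest must match."""
    addr = int(ipaddress.IPv4Address(address))
    src = int(ipaddress.IPv4Address(source))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (addr & care) == (src & care)


def installable(static_routes, source, wildcard):
    """Prefixes of static routes whose destination network passes the ACL."""
    return [prefix for prefix, _mask, _next_hop in static_routes
            if acl_permits(prefix, source, wildcard)]


# The two static routes named in the text above (same next hop 10.0.1.1).
ROUTES = [
    ("10.0.2.0", "255.255.255.0", "10.0.1.1"),
    ("10.0.3.0", "255.255.255.0", "10.0.1.1"),
]

if __name__ == "__main__":
    # Wildcard 0.0.0.255 pins the first three octets to 10.0.2.
    print(installable(ROUTES, "10.0.2.0", "0.0.0.255"))
    # A subnet mask typed where the wildcard belongs ignores the first three octets.
    print(installable(ROUTES, "10.0.2.0", "255.255.255.0"))
```

With wildcard 0.0.0.255 only 10.0.2.0 passes; with 255.255.255.0 in the wildcard position both routes pass, so confirm the access list with show running-config before relying on the filter.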
Recursive Static Routes
Cisco IOS XE Release 3.9S
The Recursive Static Route feature enables you to install a recursive static route into the Routing
Information Base (RIB) even if the next-hop address of the static route or the destination network itself is
already available in the RIB as part of a previously learned route.
The following command was introduced: ip route static install-routes-recurse-via-nexthop.